Google Security Update: Chrome Users Targeted by New Malware Threat

Google's security efforts have been making headlines this week, with both positive and concerning developments. On the bright side, researchers have uncovered a critical Linux zero-day affecting Android users, while Google has introduced a major security update for Gmail, which has already shown a significant positive impact. However, security experts are also raising alarms about a new malware campaign targeting users searching for the Google Chrome web browser app.

Shmuel Uzan from Morphisec Threat Labs has reported an ongoing cyberattack campaign deploying a multi-stage malware called ValleyRAT. This sophisticated attack employs a drive-by download strategy, meaning victims unknowingly authorize malware downloads while attempting to install legitimate software, such as the Google Chrome web browser.

Attackers are using various methods to spread the malware, including phishing emails, malicious websites, and instant messaging platforms. According to Uzan, one particular instance involved a fake website impersonating a Chinese telecom company named Karlos. Unsuspecting users visiting the site were tricked into downloading the malicious app, which then infected their systems.

Unlike traditional widespread attacks, this ValleyRAT campaign is highly targeted. Cybersecurity expert Jamie Akhtar, CEO of CyberSmart, noted that while ValleyRAT itself has existed since 2023, recent attacks demonstrate a higher level of sophistication.

"The campaign specifically targets finance, sales, and accounting professionals due to their access to sensitive financial data," Akhtar explained. Unlike previous campaigns that followed a "spray and pray" approach, this attack is strategically aimed at high-value individuals.

Even though this attack is primarily affecting users in China, Akhtar warns that other regions are not safe. "If there's one certainty about cybercriminals, it's that successful attack methods will be copied and adapted for use against Western companies," he said. He strongly advised individuals handling high-value data, particularly in sales, finance, and accounting, to exercise extreme caution when downloading software like browsers or browser extensions.

How Cybercriminals Manipulate Google Search Results

Cybersecurity expert Erich Kron from KnowBe4 emphasized the risks involved in downloading software from unofficial sources.

"Downloading software always carries risks, especially if users fail to verify that they are downloading from the official publisher's website," Kron explained. He warned that attackers often poison Google search results by paying for ads or using search engine manipulation to promote fake download links.

Since Google Chrome is the world's most popular browser, hackers know they can lure millions of unsuspecting users. Kron advises always verifying the source of downloads and avoiding third-party websites or unofficial links.

Ongoing Chrome Security Vulnerabilities

While drive-by download attacks remain a pressing concern, Chrome users must also stay aware of security vulnerabilities affecting the browser itself.

In recent months, Google has issued multiple security warnings related to Chrome. The latest vulnerabilities, reported on February 5, 2025, impact users across multiple platforms, including Android, Linux, macOS, and Windows. These vulnerabilities include:

  • CVE-2025-0444: A high-rated vulnerability affecting the Skia browser component.
  • CVE-2025-0445: Another high-rated issue affecting Chrome's V8 JavaScript engine.
  • CVE-2025-0451: A medium-rated vulnerability impacting the Extensions API.

Furthermore, even ChromeOS users are not safe. Google has confirmed that millions of ChromeOS devices are at risk from new vulnerabilities. To address these, a new Long-Term Support (LTS-126) update (version 126.0.6478.264) is now rolling out, including fixes for:

  • CVE-2025-0437: A high-risk out-of-bounds memory read issue in the Metrics component.
  • CVE-2025-0438: A stack buffer overflow vulnerability in the Tracing component.

What You Should Do to Stay Safe

To protect yourself from these emerging threats, follow these steps:

  1. Always download Chrome from Google's official website (www.google.com/chrome) and avoid third-party download links.
  2. Be cautious of phishing emails, fake websites, and suspicious download prompts. If an offer looks too good to be true, it probably is.
  3. Keep Chrome and ChromeOS up to date. Google's updates automatically install, but you should manually check for updates via Help > About Google Chrome to ensure you are running the latest version.
  4. Enable enhanced security settings in Chrome. Go to Settings > Privacy and Security to enable Safe Browsing and other protective features.
  5. Avoid browser extensions from unknown developers. Only install verified add-ons from the Chrome Web Store.
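
The advice to verify the download source (step 1, and Kron's warning about poisoned search results) can be turned into a link check, shown here as an added example that is not part of the original article. It assumes the only trusted publisher domain is the one the article names, and the function names and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only trusted publisher domain is the one the article names
# for Chrome downloads (www.google.com/chrome).
OFFICIAL_DOMAIN = "google.com"


def is_official_download_url(url: str) -> bool:
    """True only for an HTTPS URL whose host is google.com or a subdomain of it."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # strips userinfo and port, lowercases the host
    except ValueError:
        return False  # malformed URL: treat as untrusted
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")  # "www.google.com." is the same host
    # Match on a label boundary. A substring or prefix test would accept
    # lookalike hosts that merely contain the official name.
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


# Constructed sample links, not real indicators.
SAMPLE_LINKS = [
    "https://www.google.com/chrome/",
    "http://www.google.com/chrome/",
    "https://www.google.com.chrome-setup.example.net/",
    "https://www.google.com@downloads.example.net/chrome",
    "https://google-chrome.example.net/?ref=www.google.com/chrome",
    "https://notgoogle.com/chrome",
]


def triage(links):
    """Map each link to 'official' or 'untrusted'."""
    return {u: "official" if is_official_download_url(u) else "untrusted" for u in links}


if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:9}  {link}")
```

Only the first sample passes. The check covers where a link points, not what the downloaded file contains.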

Final Thoughts

While Google continues to strengthen security, cybercriminals are evolving their attack methods. The ValleyRAT malware campaign highlights how hackers can exploit unsuspecting users by manipulating search results and creating fake download websites. Meanwhile, ongoing security vulnerabilities in Chrome and ChromeOS emphasize the importance of keeping your software updated.

By staying vigilant and following best security practices, users can reduce the risk of falling victim to cyberattacks.

Onsa Mustafa

Onsa is a Software Engineer and a tech blogger who focuses on providing the latest information regarding the innovations happening in the IT world. She likes reading, photography, travelling and exploring nature.
