New attack warning for Windows usersNurPhoto via Getty ImagesA critical new warning this week, as a dangerous new browser update attacks Microsoft Windows users in the wild. As ever, this attack deploys social engineering to lure users into the simple click theyll quickly regret. Heres what to look for.The warning comes by way of Palo Alto Networks Unit 42, per Cyber Security News which picked up on the research. The attackers have injected malicious JavaScript into legitimate websites that will warn users they have an outdated browser module in Chrome, Edge or Firefox and need to update.These lures, Cyber Security News says, leverage realistic branding and urgency warnings, such as Critical Security Update Required. By downloading and running the script, the malware will fetch the NetSupport RAT code it needs to attack your PC, including an executable that enables remote device control, a library enabling data exfiltration and also Windows Registry modification scripts for persistence, making it hard to kill the process when its up and running on your machine.The researchers also warn that in recent campaigns observed on February 18, 2025, NetSupport RAT delivered a secondary payload: StealC, a credential-stealing malware. That does exactly what is says on the tin, and hunts for key login data and bypasses.The researchers warn the SmartApeSG campaign underscores the persistent threat of social engineering coupled with fileless attack techniques. By exploiting trusted software update mechanisms and Windows internals, threat actors achieve prolonged network access while evading conventional defenses.The following mitigation strategics have been provided:Block domains associated with SmartApeSG infrastructure (e.g., poormet[.]com, cinaweine[.]shop) using threat intelligence feeds.Deploy signatures for detecting malicious JavaScript patterns (e.g., long Base64 strings, asynchronous HTTP requests).Monitor for anomalous process relationships, such as mfpmp.exe spawning network connections or writing to %APPDATA%.Restrict PowerShell execution policies and log script activity to identify encoded command sequences.Train employees to recognize fake update lures, emphasizing that browsers auto-update and never require manual downloads.I have warned about the threat from fake browser installs and updates on multiple occasions, and this latest report clearly shows that the risk is only getting worse. It is now more critical than ever for users to only install or update browsers and browser modules through the traditional means.Use your browser to check for updates, do not click on popups or website links however legitimate they seem. And restart your browser afterward to make sure it installs. All browsers should be set to download updates automatically. Chrome update details here. Edge update details here. Firefox update details here.