Fake Google Chrome alerts are becoming increasingly sophisticated, tricking users into running malicious scripts that compromise their systems. Here’s how these fake alerts work and what you may do to protect yourself.

What Are Fake Google Chrome Alerts, and How Do They Work?

Fake Google Chrome alerts are deceptive messages that mimic legitimate system notifications. Their main goal is to trick you into executing harmful commands.

These alerts typically appear as:

The fake Google Chrome alerts use a few different methods, suggesting different hacking groups using similar approaches. For example, according toProofpoint, the ClearFake attack uses a series of compromised websites and blockchain scrips to infect your device, while the ClickFix variant uses compromised sites and iframes to deliver malware to your machine. Similarly, another attack uses malicious HTML attachments and fake error messages to trick you into copying dangerous commands and compromise your machine.

In each attack type, the user is prompted to open Windows PowerShell and copy and paste the code provided by the fake alert. As you can probably guess, if that happens, additional malware is downloaded and installed on the device, leading to data theft, malware, and ransomware such as DarkGate, Vidar Stealer, Matanbuchus, and NetSupport. Furthermore, while the fake Google Chrome alerts were a significant issue, ProofPoint also noted fake alerts in Microsoft Word and other Office programs, along with Outlook.

fake google chrome alert example

How to Spot Fake Google Chrome Alerts

The fake Google Chrome alerts are convincing, but there are a few ways you’re able to try and spot them:

Spotting a fake Google Chrome alert is surprisingly similar tospotting a phishing websiteand often results in the same issues!

malicious outlook powershell alert

How to Protect Yourself From Fake Google Chrome Alerts

you may also be proactive in your defense against fake Google Chrome alerts and other types of phishing and malware by taking the following steps:

It’s not always easy to spot a malicious Chrome alert (or any other alert for that matter). They’re designed to be as real as possible. Otherwise, they wouldn’t work. But by taking a moment to double-check any alerts, you could save yourself heaps of pain down the line.