Recently, a new malware campaign in France has been spreading an updated variant of the "WarmCookie" malware. The campaign was discovered by Gen Threat Labs, which found the "WarmCookie" backdoor being distributed through fake Chrome, Firefox, Edge, and Java updates.
The Campaign
An excerpt from BleepingComputer's report reads:
In the latest campaign spotted by Gen Threat Labs, the WarmCookie backdoor has been updated with new features, including running DLLs from the temp folder and sending back the output, as well as transferring and executing EXE and PowerShell files.
Once installed, the updated malware performs anti-VM checks before establishing a connection to its C2 server. The most common way to become infected is through fake download links (edgeupdate[.]com, mozillaupgrade[.]com). Remember that browsers update automatically; you will never be asked to install a browser update simply because you visited a webpage. Stay safe.
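As an added example that is not part of the original article, the following Python script scans web proxy log lines for requests to the two fake update domains named above and, as a heuristic that is my own assumption rather than anything from the report, for other domains whose name couples a browser brand with "update" or "upgrade". The log format, the vendor allow-list and the sample lines are all constructed.

```python
from urllib.parse import urlparse

# Fake update domains named in the article (defanged there, refanged here for matching).
CAMPAIGN_DOMAINS = {"edgeupdate.com", "mozillaupgrade.com"}

# Assumed allow-list of vendor domains that genuine updaters talk to (hypothetical, not from the article).
VENDOR_DOMAINS = {"microsoft.com", "mozilla.org", "google.com", "oracle.com", "java.com"}

# Heuristic (assumption): a registrable label that mixes a browser brand with an update word is suspicious.
BRANDS = ("chrome", "firefox", "edge", "mozilla", "java")
UPDATE_WORDS = ("update", "upgrade")


def registered_domain(host: str) -> str:
    """Naive registrable domain: the last two DNS labels (good enough for .com/.net/.org style names)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def classify(url: str) -> str:
    """Return 'vendor', 'known-campaign', 'lookalike-update' or 'ok' for a requested URL."""
    host = urlparse(url).hostname or ""
    rd = registered_domain(host)
    if rd in VENDOR_DOMAINS:
        return "vendor"
    if rd in CAMPAIGN_DOMAINS:
        return "known-campaign"
    label = rd.split(".")[0]
    if any(b in label for b in BRANDS) and any(w in label for w in UPDATE_WORDS):
        return "lookalike-update"
    return "ok"


# Constructed proxy log: "<timestamp> <client_ip> <url> <status>" (one request per line).
SAMPLE_LOG = """2024-10-25T10:01:02Z 10.0.0.5 https://edgeupdate.com/download/MicrosoftEdgeSetup.exe 200
2024-10-25T10:01:09Z 10.0.0.7 https://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/abc 200
2024-10-25T10:02:31Z 10.0.0.9 https://mozillaupgrade.com/firefox/FirefoxSetup.msi 200
2024-10-25T10:03:44Z 10.0.0.5 https://chrome-update.net/ChromeSetup.exe 200
2024-10-25T10:04:10Z 10.0.0.8 https://example.com/index.html 200"""


def scan(log_text: str) -> list:
    """Return (client_ip, host, verdict) for every request that is not vendor traffic or plainly benign."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines rather than crashing the scan
        client_ip, url = fields[1], fields[2]
        verdict = classify(url)
        if verdict in ("known-campaign", "lookalike-update"):
            hits.append((client_ip, urlparse(url).hostname, verdict))
    return hits


if __name__ == "__main__":
    for ip, host, verdict in scan(SAMPLE_LOG):
        print(f"{ip} -> {host}: {verdict}")
```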