CTAs Leveraging Fake Browser Updates in Malware Campaigns
ID: ba923e3c-3ebb-5fe9-8f1c-4670c4e6c637
STIX ID: report--ba923e3c-3ebb-5fe9-8f1c-4670c4e6c637
Feed Name: CISecurity.org Insights Blog
MS-ISAC reports a significant rise in opportunistic campaigns in 2H 2023 that use fake browser update pages to deliver JavaScript downloaders (SocGholish, RogueRaticate, ClearFake), which then drop secondary payloads including NetSupport, AsyncRAT, and Lumma Stealer. The report presents rising detection trends, detailed IOCs (hashes, IPs, domains, URLs), mapped MITRE ATT&CK techniques, and concrete defensive measures (training, EDR, NIDS, allowlisting, PowerShell controls, DNS filtering) to help SLTT organizations mitigate these threats.
