Cybercriminals are getting bolder and better at tricking people into infecting their own devices. One of the fastest-growing threats right now is the so-called “Fake Update” scam, where a pop-up or page urges you to update your browser but installs malware instead. And it’s no longer just targeting Windows users – macOS devices are now squarely in the crosshairs, too.
According to the Q1/2025 Threat Report by Gen (parent company of Norton, Avast, and Lifelock ), Fake Update scams surged 1,711% last quarter. This new wave of attacks hit users across Europe especially hard, with hotspots in Belgium, Poland, Italy, Germany, and the UK, but Americans are at risk, too. The hook is simple but effective: you're browsing a site, and a warning flashes that your Chrome or Opera browser is outdated. The message looks convincing – often using familiar logos, fonts, and language – and it urges you to download the latest version right away. But instead of a legitimate update, you're downloading malware like the Lumma Stealer, a powerful info-stealing tool that can exfiltrate passwords, crypto wallet data, and two-factor authentication tokens.
What makes these scams so effective is that they exploit a habit that we are encouraged to practice: staying up to date. Fake Update campaigns tap into that trust, using realistic visuals and urgency to override skepticism. Once the malware is installed, there’s no “undo.” Attackers have full access to sensitive data, and in some cases, can use that to gain entrance to your other accounts and devices.
In Partnership with Surfshark
The best protection is knowing how real browser updates work. Chrome, for instance, updates automatically in the background. You never need to manually download anything from a pop-up or third-party site. If you’re ever unsure, go to Menu > Settings > About Chrome (or Menu > Update & Recovery for Opera) in your browser to initiate the update. Never click “update” on a random page. This applies to both PC and Mac users, especially as attackers increasingly blur the lines between platforms.
Fake Update scams are a perfect example of a broader shift in cybercrime: attackers no longer rely on brute force; they rely on you. With AI-generated pages and social engineering techniques improving rapidly, even tech-savvy people are falling for it.
Read more: Why Your Browser Extensions Could Be a Privacy Nightmare
[Image credit: DALL-E]
