Security experts cautioned of a recent operation to deceive people into downloading a remote access trojan by pretending to update their Chrome browser. This virus was known as FakeUpdateRU. Researchers at Sucuri claim that the malware impacts CMS platforms as well as WordPress websites.
The campaign was originally discovered after the malware had already affected a large number of websites, which Google subsequently fixed. During the campaign, the malware replaces the content of the website with a harmful overlay by overwriting the main index.php file. Malware was occasionally introduced into index.html files located in the wp-content directory.