Infostealer Delivery via Fake Browser Update Website

ID: 639190b4-d6c5-4922-9e4f-28c3ae3be633

STIX ID: report--639190b4-d6c5-4922-9e4f-28c3ae3be633

Threat Score: 65/100

Uploaded: 2026-04-13

Created by: Report Uploader

TLP:GREEN
A user was redirected from a compromised blog to a fake Chrome update site (https://chrome-security-update.com/install) that served Chrome_Update_Release.zip, which contained Updater_Setup.exe. The executable created a scheduled task named ChromeUpdaterService, harvested browser-stored credentials, cookies, and cryptocurrency wallet data, and exfiltrated the data to api.collect-sync.com over HTTPS.

Forensic indicators include the URL and domain (chrome-security-update.com), the downloaded file and executable names, the scheduled task, the exfiltration domain, and the MD5 hash 4c2f6d4a1b7e5d097e3d25f341b12aa9.