
Fake Browser Updates delivering BitRAT and Lumma Stealer

· Published 03/06/2024 11:26 · Modified 03/06/2024 11:48


Essential information

Published
03/06/2024 11:26
Modified
03/06/2024 11:48
Tags
2024-06-03 bitrat lumma stealer
Related entities
13 observables, 17 techniques (mitre), 2 malware

Description

This report details a malicious campaign in which adversaries used fake browser update prompts to lure victims into downloading and executing malware. The infection chain begins with malicious JavaScript injected into compromised websites, which redirects visitors to pages mimicking legitimate browser update sites. These fake update sites host ZIP archives containing PowerShell scripts responsible for downloading and executing the final payloads, BitRAT and Lumma Stealer. The report provides an in-depth analysis of the attack flow, payload characteristics, encryption routines, and command-and-control infrastructure used by these malware families.
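As an added illustration of how a defender might hunt for the chain described above (example code written for this page, not code from the report or its authors): a small Python rule that correlates, per host, a browser download of a ZIP archive with a later PowerShell launch of a .ps1 from the user's Downloads or Temp tree, and attaches any outbound connection that PowerShell then makes within the window. The events, hostnames, paths and the 203.0.113.10 address are constructed; the event fields are assumptions modelled on Sysmon Event IDs 15 (FileCreateStreamHash, a browser download), 1 (ProcessCreate) and 3 (NetworkConnect), not the report's own telemetry.

```python
# Added example, not from the report. Event shapes are constructed and
# modelled on Sysmon Event IDs 15 / 1 / 3; field names are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta
import re


@dataclass
class Event:
    ts: datetime
    kind: str               # "download", "process" or "network"
    host: str
    image: str              # process that produced the event
    parent_image: str = ""
    cmdline: str = ""
    target_file: str = ""   # "download": file written by the browser
    dest: str = ""          # "network": "ip:port"


BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Extracted ZIP contents normally land in the user's Downloads or Temp tree.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(Downloads|AppData\\Local\\Temp)\\", re.I)
PS1_PATH = re.compile(r'[^"\s]+\.ps1\b', re.I)
# Flags commonly seen on loader one-liners; context, not a hard requirement.
EVASION_FLAGS = re.compile(
    r"-(?:ep|exec|executionpolicy)\s+bypass|-w(?:indowstyle)?\s+hidden|-nop\b", re.I)


def _name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def detect_fake_update_chain(events, window=timedelta(minutes=30)):
    """One alert per PowerShell launch of a .ps1 from a user-writable download
    location, when the same host saw a browser ZIP download within `window`
    beforehand. Outbound connections from PowerShell inside the window are
    attached as context (the payload-download stage of the chain)."""
    events = sorted(events, key=lambda e: e.ts)
    alerts = []
    for i, ev in enumerate(events):
        if ev.kind != "process" or _name(ev.image) not in POWERSHELL:
            continue
        m = PS1_PATH.search(ev.cmdline)
        if not m or not USER_WRITABLE.search(m.group(0)):
            continue
        zips = [d for d in events[:i]
                if d.kind == "download" and d.host == ev.host
                and _name(d.image) in BROWSERS
                and d.target_file.lower().endswith(".zip")
                and ev.ts - d.ts <= window]
        if not zips:
            continue
        conns = [n.dest for n in events[i + 1:]
                 if n.kind == "network" and n.host == ev.host
                 and _name(n.image) in POWERSHELL and n.ts - ev.ts <= window]
        alerts.append({
            "host": ev.host,
            "zip": zips[-1].target_file,
            "script": m.group(0),
            "parent": _name(ev.parent_image),
            "evasion_flags": bool(EVASION_FLAGS.search(ev.cmdline)),
            "connections": conns,
        })
    return alerts


# Constructed sample telemetry: one infection on ws-01, benign admin activity on ws-02.
_T0 = datetime(2024, 6, 3, 10, 0, 0)
SAMPLE_EVENTS = [
    Event(_T0, "download", "ws-01", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
          target_file=r"C:\Users\bob\Downloads\ChromeUpdate.zip"),
    Event(_T0 + timedelta(minutes=2), "process", "ws-01", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          parent_image=r"C:\Windows\explorer.exe",
          cmdline=r"powershell.exe -nop -w hidden -ep bypass -File C:\Users\bob\Downloads\ChromeUpdate\Update.ps1"),
    Event(_T0 + timedelta(minutes=2, seconds=10), "network", "ws-01",
          r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", dest="203.0.113.10:443"),
    Event(_T0 + timedelta(minutes=1), "download", "ws-02", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
          target_file=r"C:\Users\alice\Downloads\report.zip"),
    Event(_T0 + timedelta(minutes=5), "process", "ws-02", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          parent_image=r"C:\Windows\System32\svchost.exe",
          cmdline=r"powershell.exe -File C:\ProgramData\Scripts\backup.ps1"),
]

if __name__ == "__main__":
    for alert in detect_fake_update_chain(SAMPLE_EVENTS):
        print(alert)
```

The rule deliberately keys on the sequence (browser ZIP download, then PowerShell running a script from the extraction location) rather than on any particular filename or domain, so it survives the campaign rotating its lures and hosting; the ZIP download on ws-02 produces no alert because the later script runs from outside the user-writable tree.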

External references