Fake Browser Update — Scripting Interpreter Spawned by Browser Process
Detects when Chrome, Firefox, or Edge spawns a scripting interpreter or proxy execution binary, the primary delivery mechanism in SocGholish and FakeUpdates campaigns. These campaigns distribute ransomware and banking malware families including IcedID, Dridex, and Cobalt Strike beacons via compromised or malicious websites serving fake update pages.
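One way to express this parent/child check over process-creation events, as an added example that is not the rule's own query. The Sysmon-style field names (`Image`, `ParentImage`, `CommandLine`), the list of child binaries and the sample events are assumptions constructed for illustration.

```python
# Added example, not the rule's own logic.
from ntpath import basename  # parses Windows paths on any platform

# Parents named in the rule description: Chrome, Firefox, Edge.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}

# Assumption: the description names no specific children, so this set of
# scripting interpreters and proxy execution binaries is illustrative.
SUSPECT_CHILDREN = {
    "wscript.exe", "cscript.exe", "mshta.exe",
    "powershell.exe", "pwsh.exe", "rundll32.exe", "regsvr32.exe",
}

def _name(path):
    """Lower-cased file name of a Windows path; '' when the field is absent."""
    return basename((path or "").strip('"')).lower()

def is_browser_spawned_interpreter(event):
    """True when a browser process is the direct parent of a suspect child."""
    return (_name(event.get("ParentImage")) in BROWSERS
            and _name(event.get("Image")) in SUSPECT_CHILDREN)

def detect(events):
    """Return the events that match, in their original order."""
    return [e for e in events if is_browser_spawned_interpreter(e)]

# Constructed sample events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\user\Downloads\Update.js"'},
    {"ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": "chrome.exe --type=renderer"},       # browser child: benign
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r"wscript.exe C:\Scripts\logon.vbs"},  # parent not a browser
    {"ParentImage": r'"C:\Program Files (x86)\Microsoft\Edge\Application\MSEDGE.EXE"',
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta.exe"},                        # quoted, upper-case path
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},                   # ParentImage missing
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print("ALERT:", _name(hit["ParentImage"]), "->", _name(hit["Image"]))
```

Matching on the file name alone misses renamed binaries; where the telemetry records the PE original file name, compare that as well.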