Malware masquerades as Google Chrome Extensions – Spammers tap into increasing popularity of Google browser to spread malware
SYDNEY & AUCKLAND – 20 April, 2010 – Spammers are targeting Google Chrome users this week, infecting their systems with malware through a fake browser extension. Google Chrome users receive an unsolicited e-mail, which announces that a new extension of their favorite browser has been developed to enable easier organisation of documents received in their e-mails.
A suspicious link prompts recipients to download the new extension. Once clicked, the link redirects to a lookalike of the Google Chrome Extensions page, which, instead of the promised extension, a fake application that infects systems with malware is downloaded.
Although the application has the same description as that of an authentic Google Chrome Extension, the first sign that inquisitive users will notice is that instead of the expected ‘.crx’ file extension, the fake features a dangerous ‘.exe’ tail.
Identified by BitDefender as Trojan.Agent.20577, the application modifies the Windows HOSTS file in an attempt to block access to Google and Yahoo web pages. Every time users want to access them by typing in “google.[xxx]” or “[xx].search.yahoo.com” in their web browsers, they will be redirected to another IP: 89.149.xxx.xxx . This allows the malware creators to intercept the victims’ requests to reach the respective sites. In this way, users are redirected to the cybercriminals’ own malware-laden versions of those sites.
As more and more people use Google Chrome and its enhanced functionalities to browse the net and to organise information, cybercriminals have set their minds on exploiting this environment to spread malware and steal users’ information.
Google Chrome users who believe they may have been infected by the malware, can use BitDefender’s free online scanner to check: http://www.bitdefender.com/scanner/online/free.html