Google’s Chrome browser seems to have attracted more than just its fair share of users wanting to try it out. Seemingly, the browser is the latest stop for cybercriminals to spread malware and steal user information. BitDefender claims to have identified a Trojan faking it as a Google Chrome extension.
According to the company, users of Google Chrome receive an undesirable email that reveals a new extension for their favorite browser being developed. The extension claims to allow users access of their documents from emails. Provided with an apparently unsuspicious link, recipients are then suggested to follow it to download the new extension.
On clicking the link, users are taken to a page similar to that of the Google Chrome Extensions one. Instead of the extension, the page offers users a fake application which could infest their system with malware. The sham application also appears to bear a description similar to an original Google Chrome extension. However instead of the anticipated ‘.crx’ extension, it features an ‘.exe’ tail.
The application has been identified as Trojan.Agent.20577 and has the ability to alter the Windows HOSTS file. It may do so in its attempt to block access to Google and Yahoo webpages. Each time users wish to gain access to them and write ‘google.[xxx]’ or ‘[xx].search.yahoo.com’ in the web browser, they will be redirected to another IP: 89.149.xxx.xxx . Seemingly this will permit malware creators to intercept the victims’ calls to gain access to the respective sites.
With Chrome being extensively used now, venturers might just want to be a tad extra careful.