Trojan disguised as latest Chrome update

By IDG Reporter - January 13th, 2013

Following Google’s recent upgrade of Chrome, cyber criminals have unleashed a new wave of bogus updates on the Internet, aiming to steal online banking credentials and cause other problems for users.

Google released its upgrade on Thursday, providing users with higher-performing software and patching 24 security vulnerabilities. Because Google usually refreshes the browser every six to eight weeks, cyber criminals have a dependable opportunity to lay traps for users.

Reusing tricks seen in the past, the criminals have set the snares on websites designed to look as if they are from Google, security vendor GFI Software reported on Friday. The sites urge the visitor to “Update Google Chrome: To make sure that you’re protected by the latest security updates.”

People attempting to download the file while using Chrome will get a warning that they are trying to install a file that “appears malicious.” Those who do not hit the discard button will download malware that has been seen on more than 12 sites since October.

The Trojan, named google_chrome_update.exe, is designed to steal online banking credentials in order to make unauthorised wire transfers to the attackers’ accounts. The malware is a member of the Zeus family, which is widely known for stealing bank account data, while also monitoring Internet activity to steal other personal data.

Indeed, the malware makes a DNS request to a site connected to a Zeus botnet created with the Blackhole exploit kit, Chris Boyd, a senior threat researcher for GFI, said in a blog post.

“Put simply, you don’t want this anywhere near your computer, and users of Chrome curious about updates should simply read the information on the relevant Google Chrome support page,” he said.

While bogus upgrades do not follow every Chrome update, GFI expects criminals to set more traps in the future. “We do expect [cyber criminals] to continue using fake browser upgrades to entice users into downloading their malware,” said Dodi Glenn, an antivirus product manager for GFI.

Chrome is unlikely to be the only target of such attacks. “There have been several fake Firefox updates in 2011 and 2012 released into the wild,” Glenn said.

Early last year, Google added malware download protection to Chrome. The feature blocks downloads from known malicious sites. Apple Safari, Mozilla Firefox and Microsoft Internet Explorer have similar features.





Copyright 2014 Computer News Middle East. All rights reserved. Product of CPI Media Group. For more information e-mail us at webmaster@cpimediagroup.com.