
Trojan as Fake Google Chrome Extension

19 April 2010
As more and more people are using Google Chrome and its functionalities to browse the net and to organize information, cybercriminals have set their minds on exploiting this environment to spread malware and steal users’ information.

The story is simple: Google Chrome users receive an unsolicited e-mail announcing that a new extension for their favorite browser has been developed to make it easier to access documents from e-mails.


Fig. 1 The spam message used to popularize the malicious link

A seemingly harmless link is provided, and the recipients are advised to follow it in order to download the new extension. Once they click the link, they are redirected to a look-alike of the Google Chrome Extensions page, which, instead of the promised extension, provides them with a fake application that infects their systems with malware.

Although the sham application carries the same description as a genuine Google Chrome extension, the more inquisitive users should notice a first sign that it is not what they were looking for: instead of the expected “.crx” extension, the file features a flamboyant “.exe” tail.


Fig. 2 The Trojan’s hideaway

Identified by BitDefender as Trojan.Agent.20577, the application modifies the Windows HOSTS file in an attempt to block access to Google and Yahoo webpages. Every time users type “google.[xxx]” or “[xx].search.yahoo.com” in the web browser, they are redirected to another IP address: 89.149.xxx.xxx. This allows the malware creators to intercept the victims’ attempts to reach those sites and to send the credulous users to the cybercriminals’ own malware-laden versions of them.

The malware description was made available courtesy of Daniel Chipiristeanu, BitDefender virus researcher.
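To check a machine for the HOSTS redirect described above, the following added example (not BitDefender's code and not part of the original post) parses HOSTS-format text and reports any Google or Yahoo search name pinned to a non-local address. The hostname patterns, the sample file and the address 203.0.113.10 are constructed for illustration.

```python
import ipaddress
import re

# Hostname shapes named in the article: "google.[xxx]" and "[xx].search.yahoo.com".
WATCHED = [
    re.compile(r"^(www\.)?google\.[a-z]{2,3}(\.[a-z]{2})?$"),
    re.compile(r"^([a-z]{2}\.)?search\.yahoo\.com$"),
]

# Constructed sample; 203.0.113.10 is a documentation address standing in
# for the masked 89.149.xxx.xxx from the article.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
203.0.113.10    google.com www.google.co.uk   # constructed redirect entry
203.0.113.10    uk.search.yahoo.com
0.0.0.0         ads.example.net
127.0.0.1       www.google.de
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-format text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; skip the line
        for host in fields[1:]:
            yield line_no, ip, host.lower().rstrip(".")

def suspicious_entries(text):
    """Return mappings that pin a watched search domain to a non-local address."""
    hits = []
    for line_no, ip, host in parse_hosts(text):
        if not any(p.match(host) for p in WATCHED):
            continue
        # Loopback / 0.0.0.0 entries only block a name; this check targets redirects.
        if ip.is_loopback or ip.is_unspecified:
            continue
        hits.append((line_no, str(ip), host))
    return hits

if __name__ == "__main__":
    for line_no, ip, host in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip}")
```

On a Windows system, pass the contents of `%SystemRoot%\System32\drivers\etc\hosts` to `suspicious_entries` instead of the sample text.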




Sabina Datcu, PhD, has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures. In 2003 she obtained a master's degree in Systems Ecology and in 2009 a PhD degree in Applied Informatics and Statistics.

Comments:

cob05 said on Apr-20-2010 09:56

Use Linux people! Windows is a malware haven... Walk through the internets with God mode on!

saravanan said on Jul-11-2010 10:06

bitdefender's products must be increased. gdata is better

Dirk said on Feb-2-2011 10:36

Use Apple people! Windows is a malware haven... Walk through the internets with God mode on! ;-)

munim said on Mar-5-2011 00:12

the ad-blocking extension "Adblock Plus" is now available for Google Chrome and can be downloaded from "https://chrome.google.com/extensions/detail/cfhdojbkjhnklbpkdaibdccddilifddb"

Security Tool said on Mar-5-2011 01:27

The tale is naive: Google Plate users find an unsolicited e-mail which announces that a new prolongation of their pet application has been developed to alleviate their hit to documents from e-mails.

_____________________
rcruz

best antivirus said on Mar-20-2011 18:57

I was not aware of this, I knew a little bit about it even that I also read somewhere. But this thing happens most of the time whenever I use internet, some websites ask for update or install something. Once we click the link, we are redirected to a different page and here everything goes wrong.

Switch plate covers said on Aug-7-2011 02:46

Now that Chrome is a popular browser, it's becoming a larger target for malware and trojan exploits... The Trojan is added to the user's computer if he follows a link to a fake update for the Google Chrome browser. This is why it's *extremely* important to download and install ONLY extensions from trusted producers.

InstinctIS said on Sep-13-2011 14:24

Hey, thanks for sharing your favorite extension, had a hard time finding some myself, so if one is in need of a simple (click and go) SEO Analysis Extension for Chrome which points to some quite detailed seo analysis page, feel free to check out:
https://chrome.google.com/webstore/detail/ppfolebjlgokkllhjjeilgalbhnoceep

Osteoporosis symptoms said on Dec-22-2011 03:34

I knew a little bit about it even that I also read somewhere. But this thing happens most of the time whenever I use internet, some websites ask for update or install something. Once we click the link, we are redirected to a different page and here everything goes wrong.
