Bogus Chrome extension hosts malware
Spammers are targeting Google Chrome users this week,infecting their systems with malware through a fake browser extension.
Google Chrome users receive an unsolicited email, whichannounces that a new extension of the browser has been developed to enableeasier organisation of documents received in their emails. A suspicious linkprompts recipients to download the new extension. Once clicked, the link redirects to alookalike of the Google Chrome Extensions page, which, instead of the promisedextension, a fake application that infects systems with malware is downloaded.
Although the application has the same description as that ofan authentic Google Chrome Extension, the first sign that users will notice isthat instead of the expected ‘.crx’ file extension, the fake features adangerous ‘.exe’ tail.
Identified byBitDefender as Trojan.Agent.20577, the application modifies the Windows HOSTSfile in an attempt to block access to Google and Yahoo web pages. Every timeusers want to access them by typing in “google.[xxx]” or“[xx].search.yahoo.com” in their web browsers, they will be redirected to anotheraddress. This allows the malware creators to intercept the victims’ requests toreach the respective sites. In this way, users are redirected to thecybercriminals’ own malware-laden versions of those sites.
Google Chrome users who believe they may have been infectedby the malware, can use BitDefender’s free online scanner to check: www.bitdefender.com/scanner/online/free.html