Bogus Steam Key Generator Masquerades as Spyware

GFI Labs the computer security company lately cautioned of one fresh Trojan spyware that circulating online pretended to be a keygen, short form of key generator, which was used while playing Steam the Internet game.

The security company stated that YouTube videos produced Internet sites, which on accessing took onto public portals that supposedly provided the "Generator.exe" keygen for download.

Communications and Research Analyst Jovi Umawing said that upon executing the file, no visible operation appeared on the user's computer-screen. Invisibly though, the Generator.exe keygen for Steam Game planted a file named 7.0.1428.crx, an extension file for Google Chrome that, however, was certain Trojan spyware harbored on theonlyone(dot)goodluckwith(dot)us. Taking the user's permission, the .crx file was subsequently planted onto Chrome, Umawing described. Help Net Security published this dated May 29, 2012.

Additionally the analyst pointed out that Chrome extensions were zipped archives of CSS, HTML, JS or JavaScript, graphics or images as also any other file format one required, which increased the features of the Chrome Web-browser.

The .crx file extension meanwhile, masqueraded as the genuine 'Avast! WebRep' browser plug-in, which's the AVAST Software security software firm's tool for rating websites. Any single person or group responsible for Avast! WebRep utilized the aforementioned approach for keeping invisible the file's malevolent operations, Umawing elaborated.

The false plug-in, reportedly ran dual JavaScript files inside it namely background.js and webProtection.js.

The webProtection.js sought strings associated with Internet games as well as e-mail accounts within URLs opened inside the user's browser. It waited till the user hit the "submit" button when it intercepted his username and password along with the full URL address.

The malicious file carefully watched Google as also Gameforge strings since the domain was stored while web-pages logged out inside a cookie from sites carrying those strings.

The background.js subsequently transmitted the cookie onto theonlyone(dot)goodluckwith(dot)us/request(dot)php?, and also the details regarding the Chrome version that the end-user was using.

GFI Labs states that its researchers have identified the so-called key generator as Trojan.Win32.Cromex.a as also the JavaScript files -Trojan.Js.Win32.Cromex.a.

The company concludes that meanwhile, someone has apparently crafted several YouTube profiles solely for still spreading the fake key-generator.

Related article: Bugs Swell In Browsers in 2006

ยป SPAMfighter News - 09-06-2012

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next