Cyber-thieves Distributing Fake Chrome Updates Following Google’s Own Authentic Release
Google has just released an update to its Chrome browser, which has given cyber-criminals an opening to create fake updates that they trick end-users into installing in the hope of stealing their Internet-banking credentials, cautions security company GFI Software.
Reportedly, Google's latest update became available on 11th January 2013 and plugged 24 security loopholes in the browser software. Google normally revises Chrome every 6-8 weeks, which is sufficient time for cyber-crooks to ensnare end-users.
Repeating ruses employed previously, cyber-crooks have laid traps on websites that pretend to be from Google. The update notification leads to a website that uses Google's legitimate font and also displays the Chrome logo. These more or less convince visitors to download an .exe file named "Update-Google-Chrome", a name that suggests it ensures the user is protected by the web browser's most recent update, reports GFI.
In practice, consumers who surf with Google are somewhat protected by the Internet giant itself. If an unwitting consumer attempts to download the "update" while surfing through Chrome, Google shows an alert suggesting the executable may be harmful.
Security Researcher Chris Boyd at GFI Software observed that a website named Malwr.com listed the executable file. That website mentioned attempts to get the Firefox Password Manager's local database. The comment section of VirusTotal (a free malware scanner) also listed the file and suggested it could steal banking credentials, Boyd explained. Infosecurity-magazine.com published this on January 11, 2013.
Boyd explained that in the second listing, the file seemingly had an association with the ZeuS banker Trojan, because a Domain Name System query the malware issued went to a website associated with BlackHole/ZBot attacks.
GFI said that the malware was Trojan.Win32.Cleaman.aj (v).
Like all malware, this one is undesirable, so Chrome users interested in updates should go through the information on Chrome's associated page, advised Boyd. Gfi.com published this on January 11, 2013.
Meanwhile, as fake upgrades didn't necessarily emerge after every Chrome revision, criminals might lay more traps in the days ahead, GFI Software concluded.
» SPAMfighter News - 24-01-2013