Cyber-Crooks Continue to Misguide Users with Forbidden Chrome Extensions

In spite of Google declaring about its prohibition of those extensions of Chrome which aren't listed in its Web-store, online miscreants keep on luring end-users pledging the provision of those very components, according to Trend Micro the security company.

Cyber-criminals use the largely-accessed sources of communication for serving malicious software, and one of them is Facebook Messenger. Through this medium, messages supposedly arrive from close acquaintances directing the recipient that he should browse for a web-page asserting there will be attractive video content in it.

According to Trend Micro's Fraud Analyst Christopher Talampas, he got one such missive, while going to the online site he discovered certain web-page resembling Facebook's design as well as one online video player, which asserted as offering certain YouTube content, thus reported softpedia.com, May 27, 2015.

The above is enough evidence of a deceitful trap as Fecebook's video player doesn't look like any of YouTube.

But, Talampas continued to browse the web-page while pulled down one automatically served file known as "Chrome_Video_installer.scr, actually a malicious executable whose name gives it an appearance of a harmless extension of Chrome browser essential for running the video.

Researchers detect this automatically served file to be TROJ_KILIM.EFLD that tries pulling down a separate file perhaps the last malware. Nevertheless, users require noting that variants of KILIM malicious program are actually malevolent plug-ins and extensions of Chrome. These variants as well spam out messages from Facebook that infect systems.

When such an assault takes place, victims become so duped that they follow the web-link due to factors like the sender of the message is some friend from Facebook and not any unknown person, while the same name of the recipient is used as addressee that he posted to his Facebook account and finally the message is very informally written inducing the victim towards reading it.

In addition, a condensed web-link in the message too makes the lure obfuscated.

Meanwhile, there has been deactivation of the fraudulent website.

According to Talampas, 36% of people visiting Facebook's particular fraudulent web-page are based at the Philippines, while 5% are based within USA. Scmagazine.com reported this, May 27, 2015.

» SPAMfighter News - 6/5/2015