Bank-Fraud Malware Not Identified by Any AV Hosted in Chrome Web Store
The most recent to slip through in the last few months is a piece of banking malware that was found hiding behind a Chrome extension in Google's Chrome Web Store, for the 2nd time in almost 2 weeks. Several nefarious applications are infecting systems across the world by using the download platform, and many are able to evade the most commonly used anti-malware solutions.
Certainly, while a few anti-virus solutions are better than others, sometimes a piece of malware is so sophisticated that it can evade detection by all anti-virus solutions. This recent Trojan was detected on the Chrome Web Store, where it masquerades as the "Interface Online" extension. It avoids detection by the 58 most popular anti-virus applications.
Renato Marinho, Chief Research Officer of Morphus Labs and a SANS Institute volunteer, reported that the extension was part of a scam affecting Brazilian bank customers, after which Google officials removed the extension on Tuesday. It had been available since 31st July and was downloaded 30 times. But the same extension reappeared on Wednesday, and showed that it had already received 23 downloads. It remained available for download for many hours after this post went live, although Marinho said that he had reported the reposting of the app to Google. Arstechnica.com posted on August 17th, 2017, quoting an email sent by a Google spokesman stating "the extension was finally removed."
Although downloading software only from vetted sources is a smart way to avoid being struck by malware, it becomes very difficult to avoid when nefarious malware authors can host their malware on services such as the Chrome Web Store.
Marinho has recommended that Google allow 2-factor authentication for accounts on its Web Store to limit this problem, and then encourage developer practices that restrict extensions from accessing passwords and other credentials.
» SPAMfighter News - 8/24/2017