
Bank-Fraud Malware not Identified by any AV hosted in Chrome Web Store


The most recent threat to slip through in the last few months is a piece of banking malware found hiding behind a Chrome extension in Google's Chrome Web Store, for the 2nd time in almost 2 weeks. Several nefarious applications are infecting systems across the world by using the download platform, and many are able to evade the most commonly used anti-malware solutions.


Certainly, while a few anti-virus solutions are better than others, sometimes a piece of malware is so sophisticated that it evades detection by all of them. This recent Trojan was detected on the Chrome Web Store, where it masquerades as the "Interface Online" extension. It avoids detection by 58 of the most popular anti-virus applications.


Once installed, the Interface Online extension, which was uploaded at least two times during the last 17 days, secretly monitors all connections made with the Google Chrome browser. When users visit particular pages programmed into the code, the extension activates a JavaScript routine that logs the user name and password entered in the form. The extension then uploads them to a server under the attacker's control.


Renato Marinho, Chief Research Officer of Morphus Labs and a SANS Institute volunteer, reported that the extension was part of a scam affecting Brazilian bank customers, after which Google officials removed the extension on Tuesday. It had been available from 31st July and was downloaded 30 times. But the same extension reappeared on Wednesday, and had already received 23 downloads. It remained available for download for many hours after this post went live, although Marinho said that he had reported the reposting of the app to Google. Arstechnica.com posted on August 17th, 2017, quoting an email sent by a Google spokesman stating "the extension was finally removed."


Although downloading software only from vetted sources is a smart way to avoid being struck by malware, it becomes very difficult to avoid when the authors of the malware can host it on services such as the Chrome Web Store.


Marinho has recommended that Google allow 2-factor authentication for accounts on its Web Store to restrict this problem, and encourage developer practices that restrict extensions from accessing passwords and other credentials.
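The behaviour described above (watching every connection and reading form fields on the pages a user visits) depends on access an extension has to declare in its manifest, so a defender can review that file before allowing an install. The following is an added example, not code from the report or from Marinho: the report does not publish the extension's manifest, so both sample manifests and the function names are constructed for illustration.

```javascript
// Added example: audit a Chrome extension manifest for the access a
// credential-logging extension needs. Sample manifests are constructed.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

function broadPatterns(list) {
  return (list || []).filter((p) => BROAD.has(p));
}

function auditManifest(manifest) {
  const findings = [];
  // MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
  const perms = manifest.permissions || [];
  const hosts = broadPatterns(perms.concat(manifest.host_permissions || []));
  if (hosts.length > 0) {
    findings.push(`host access to every site: ${hosts.join(", ")}`);
  }
  // A content script matched on every site can read any form field,
  // including password inputs, on pages the user visits.
  for (const cs of manifest.content_scripts || []) {
    const wide = broadPatterns(cs.matches);
    if (wide.length > 0) {
      findings.push(`content script ${(cs.js || []).join(", ")} injected on ${wide.join(", ")}`);
    }
  }
  // webRequest plus broad host access lets the extension observe all requests.
  if (perms.includes("webRequest") && hosts.length > 0) {
    findings.push("webRequest with broad host access: can observe all browser connections");
  }
  return findings;
}

// Constructed manifest: broad access of the kind the behaviour above requires.
const broadManifest = {
  name: "example-broad-extension",
  manifest_version: 2,
  permissions: ["webRequest", "tabs", "<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }],
};
// Constructed manifest: scoped to a single placeholder site.
const scopedManifest = {
  name: "example-scoped-extension",
  manifest_version: 3,
  permissions: ["storage"],
  host_permissions: ["https://intranet.example.com/*"],
  content_scripts: [{ matches: ["https://intranet.example.com/*"], js: ["helper.js"] }],
};

console.log(auditManifest(broadManifest));
console.log(auditManifest(scopedManifest));
```

An empty result does not clear an extension: one scoped only to a bank's login pages would pass this check, so the declared host list still needs to be compared against what the extension claims to do.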

» SPAMfighter News - 24-08-2017
