Fake Google Chrome Extension Used to Distribute Malware

According to BitDefender, a Romanian software security firm, the latest target of spammers is now Google Chrome. spammers are targeting Google Chrome users' machines with malware through a bogus browser extension, as per the news published by SMARTHOUSE on April 20, 2010.

Reportedly, as increasing number of people have started using Google Chrome and its utilities to surf the Internet and to manage information, cyber felons have also switched and made their minds to exploit this milieu in order to distribute malware and thieve users' details.

According to BitDefender, users of Google Chrome get an unwanted e-mail. This e-mail announces the development of a new extension of their most preferred browser which enables easier management of documents they received in their e-mails, as per the news published by SMARTHOUSE on April 20, 2010.

"A NEW Google Chrome Extension" is the subject of the fake e-mail, as per the report.

The e-mail contains a link and the receiver is suggested to follow it if he/she wants to download the new extension. The moment this link is clicked, the malicious Web page sends a program which modifies Hosts file of Windows to pass on Yahoo and Google searches to a false Google Chrome Extensions page website which facilitates downloading of other malware.

Though the application is described on the lines similar to a genuine Google Chrome Extension, the first thing that will catch the attention of inquisitive users is that the fake has a dodgy '.exe' extension instead of the '.crx' file extension, as told by a company spokesperson.

BitDefender has identified the Trojan horse as the Agent-20577. This Trojan blocks the access to Yahoo and Google Web pages. Attempts to visit these sites on the infected systems are hijacked and passed on to fake websites.

BitDefender further commented that users will be redirected to the IP 89.149.xxx.xxx every time the users want to access those Web pages by typing "[xx].search.yahoo.com" or "google.[xxx]" in the Web browser, This facilities the malware developers to interrupt the requests of the victims to reach the relevant sites. In this way, the victims are transferred to the cyber assailants' own malicious variants of those authentic websites, as per the news published by SMARTHOUSE on April 20, 2010.

Related article: Fake Spam Mail Announces Australian PM’s Heart Attack

» SPAMfighter News - 4/29/2010