By April 20, 2010

Trojan Poses as Fake Google Chrome Extension

BitDefender_logo I came across this piece of news late last night and thought I would share it with you all as I know that quite a large number of our visitors use Google Chrome web browser to view the site.

Now that Chrome more popular it would seem that it’s becoming a larger target for malware and trojan exploits. More details have emerged of a particular threat the details of which you can find below from BitDefender.

BitDefender has warned that, as more and more people are using Google Chrome and its functionalities to browse the net and to organise information, cybercriminals are setting their minds on exploiting this environment to spread malware and steal users’ information.

The story is simple: Google Chrome users receive an unsolicited e-mail which announces that a new extension of their favourite browser has been developed to facilitate their access to documents from e-mails.

An apparently unsuspicious link is provided, and the recipients are advised to follow it in order to download the new extension. Once they click the link, they are redirected to a look-alike of the Google Chrome Extensions page, which, instead of the promised extension, provides them with a fake application that infects their systems with malware.

Although the sham application has the same description as that of an original Google Chrome Extension, the first sign the more inquisitive users will get about it not being what they were looking for should be the fact that instead of the expected “.crx” extension, it features a flamboyant “.exe” tail.

Identified by BitDefender as Trojan.Agent.20577 the application modifies the Windows HOSTS file in an attempt to block access to Google and Yahoo webpages. Every time users want to access them and write “google.[xx]” or “[xx]” in the web browser, they will be redirected to another IP: 89.149.xx.xx . This allows the malware creators to intercept the victims’ calls to reach the respective sites. In this way, the credulous users will be redirected to the cybercriminals’ own malware-laden versions of those sites.
For more information on BitDefender and the latest security alerts visit:


Posted by: Matt

Posted in: News

About the Author:

More than 20 years in the IT industry. Blogging with a passion and thirst for new technology since 2005.
Loading Facebook Comments ...

Post a Comment

No Trackbacks.