Spammers are targeting Google Chrome users this week,
infecting their systems with malware through a fake browser extension.
Google Chrome users receive an unsolicited email, which
announces that a new extension of the browser has been developed to enable
easier organisation of documents received in their emails. A suspicious link
prompts recipients to download the new extension. Once clicked, the link redirects to a
lookalike of the Google Chrome Extensions page, which, instead of the promised
extension, a fake application that infects systems with malware is downloaded.
Although the application has the same description as that of
an authentic Google Chrome Extension, the first sign that users will notice is
that instead of the expected ‘.crx’ file extension, the fake features a
dangerous ‘.exe’ tail.
BitDefender as Trojan.Agent.20577, the application modifies the Windows HOSTS
file in an attempt to block access to Google and Yahoo web pages. Every time
users want to access them by typing in “google.[xxx]” or
“[xx].search.yahoo.com” in their web browsers, they will be redirected to another
address. This allows the malware creators to intercept the victims’ requests to
reach the respective sites. In this way, users are redirected to the
cybercriminals’ own malware-laden versions of those sites.
Google Chrome users who believe they may have been infected
by the malware, can use BitDefender’s free online scanner to check: www.bitdefender.com/scanner/online/free.html