Fake Google Chrome updates unleash banking trojan

Chris Boyd, a researcher with security firm GFI Software, uncovered the scam, which is a reprise of a similar technique from a few months ago – and the file itself has been spotted on 14 websites since October. In both cases, the propagation technique relies on consumer ignorance.

“’Oh hey, a new Chrome update! I’d better hurry up and download the file from this random website with no apparent connection to anything remotely related to my web browser’”, wrote Boyd. “There are things better left unsaid, and the above is probably floating around near the top somewhere.”

The update alert leads to a website using Google’s official font and displaying the Chrome logo, which urges users to download an executable file: “Update Google Chrome: To make sure that you’re protected by the latest security updates.”

Google itself is somewhat to the rescue, however: if the unsuspecting consumer tried to download the ‘update' from within Chrome itself, Google pops up a warning that the executable file “appears malicious.”

Boyd noted that the file is listed at Malwr.com “which mentions attempts to access Firefox’s Password Manager local database – meanwhile, it’s listed on the comments section of [free online malware scanner] VirusTotal as being capable of stealing banking credentials.”

In the latter case, the file appears to be related to the Zeus banking trojan. “Indeed, one of the DNS requests made is to a site by the malware is related to ZBot / Blackhole exploit kit attacks,” Boyd said.

Zeus is the undisputed king of the banking trojan scene, having become widespread and extremely effective. Once it infects a PC, Zeus monitors all outgoing browser requests and collects credentials and personal information entered into any forms – such as login details for online banking. It is also capable of modifying incoming web pages and uses this capability against the PC’s user.

“Put simply, you don’t want this anywhere near your computer and users of Chrome curious about updates should simply read the information on the relevant Google Chrome support page,” Boyd concluded.

Fake Google Chrome updates unleash banking trojan

You may also like

Hand of Thief Banking Trojan Takes Aim at 'Secure' Linux OS

Bugat Malware Adds GameOver Functionality

Meet Zberp: Unholy Spawn of Two Top Crimeware Bugs

Move Over Zeus: KINS Banking Trojan Looks to Be the Next Great Financial Crimeware

DR Web discovers the first Linux/OSX cross-platform trojan

What’s hot on Infosecurity Magazine?

Russia's Sandworm Upgraded to APT44 by Google's Mandiant

New Cyber-Threat MadMxShell Exploits Typosquatting and Google Ads

UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost

Trust in Cyber Takes a Knock as CNI Budgets Flatline

US Government and OpenSSF Partner on New SBOM Management Tool

New LockBit Variant Exploits Self-Spreading Features

Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation

Banning Ransomware Payments Will Do More Harm Than Good

Russian Sandworm Group Using Novel Backdoor to Target Ukraine and Allies

Report Suggests 93% of Breaches Lead to Downtime and Data Loss

FBI Warns of Massive Toll Services Smishing Scam

Russia and Ukraine Top Inaugural World Cybercrime Index

Is MFA Enough? Strategies for Next-Level Identity Security in 2024

Beyond Passwords: Securing the Digital Age with MFA, 2FA, and Passwordless Authentication

Incident Response: Four Key Cybersecurity Measures to Protect Your Business

Cracking the Culture Code: Building a Cybersecurity-Aware Workforce

Navigating the Evolving Cybersecurity Compliance Landscape in 2024

Untangling the Web: Navigating Third-Party Risk in a Hyperconnected World

Infosecurity Magazine Spring Online Summit 2024: Day One

Infosecurity Magazine Spring Online Summit 2024: Day Two

Russia’s Midnight Blizzard Accesses Microsoft Source Code

I-Soon GitHub Leak: What Cyber Experts Learned About Chinese Cyber Espionage

LockBit Takedown: What You Need to Know about Operation Cronos

Women in Cybersecurity at Infosecurity Europe 2024