Fake Google Chrome updates unleash banking trojan

11 January 2013

A ploy targeting consumers with bogus Google Chrome browser updates is spreading Zeus-like banking malware to unsuspecting web surfers.

Chris Boyd, a researcher with security firm GFI Software, uncovered the scam, which reprises a similar technique from a few months ago; the file itself has been spotted on 14 websites since October. In both cases, the propagation technique relies on consumer ignorance.

“’Oh hey, a new Chrome update! I’d better hurry up and download the file from this random website with no apparent connection to anything remotely related to my web browser’”, wrote Boyd. “There are things better left unsaid, and the above is probably floating around near the top somewhere.”

The update alert leads to a website using Google’s official font and displaying the Chrome logo, which urges users to download an executable file: “Update Google Chrome: To make sure that you’re protected by the latest security updates.”

Google itself is somewhat to the rescue, however: if the unsuspecting consumer tries to download the ‘update’ from within Chrome itself, Google pops up a warning that the executable file “appears malicious.”

Boyd noted that the file is listed at “which mentions attempts to access Firefox’s Password Manager local database – meanwhile, it’s listed on the comments section of [free online malware scanner] VirusTotal as being capable of stealing banking credentials.”

In the latter case, the file appears to be related to the Zeus banking trojan. “Indeed, one of the DNS requests made by the malware is to a site related to ZBot / Blackhole exploit kit attacks,” Boyd said.

Zeus is the undisputed king of the banking trojan scene, having become widespread and extremely effective. Once it infects a PC, Zeus monitors all outgoing browser requests and collects credentials and personal information entered into any forms – such as login details for online banking. It is also capable of modifying incoming web pages and uses this capability against the PC’s user.

“Put simply, you don’t want this anywhere near your computer and users of Chrome curious about updates should simply read the information on the relevant Google Chrome support page,” Boyd concluded.
