Chrome browser users are being targeted by a Trojan that pushes them away from the regular Google and Yahoo search websites to fake sites that download more malware onto their systems. The Trojan is added to users’ computers if they follow a link to a fake update for the Google Chrome browser.
The attack begins when Google Chrome users receive an unsolicited email that tells them of a new extension for their browser, which will allow them to access documents from their emails.
“An apparently unsuspicious link is provided, and the recipients are advised to follow it in order to download the new extension,” said security firm BitDefender.
“Once they click the link, they are redirected to a look-alike of the Google Chrome Extensions page, which, instead of the promised extension, provides them with a fake application that infects their systems with malware.”
The sham application has the same description as that of an original Google Chrome Extension, but uses a .exe extension instead of the expected .crx extension.
“The application modifies the Windows HOSTS file in an attempt to block access to Google and Yahoo webpages,” BitDefender added.
“This allows the malware creators to intercept the victims’ calls to reach the respective sites. In this way, the credulous users will be redirected to the cybercriminals’ own malware-laden versions of those sites.”