Malware Masquerading as Google Chrome Extension

BitDefender's Malware City blog is warning users about what it considers to be the first case of malware spreading via a fake Google Chrome extension.

The threat cycle begins with an e-mail advertising a new extension that "will help you to better organize your documents received in your e-mail." The e-mail includes a link that leads to a fake Google Chrome extensions page. This page presents a link not to an extension (which has a .crx file extension) but to a Trojan horse program with a .exe file extension.

The Trojan modifies the Windows HOSTS file to block access to Yahoo's and Google's pages. They are instead redirected to fake versions of those sites. BitDefender identifies the threat as Trojan.Agent.20577.

It's important to note that Google and Chrome really play no role in this threat.

Originally posted on PCMag's Security Watch blog.

Apr 20, 2010 11:11


Sender name is required
Email is required
Characters left: 500
Comment is required