Researchers have uncovered a new social engineering trick that leads users to a malicious Google Chrome extension impersonating Adobe's Flash Player in order to lure victims into a click fraud campaign.
Security experts at Trend Micro believe that the malware is triggered by
opening Facebook or Twitter via shortened links posted on social
networking websites. Once clicked, the links may lead victims to a site
that automatically downloads the malicious browser extension.
MALWARE INVOLVES DOWNLOADING MULTIPLE MALICIOUS FILES
The process is quite complicated as the malware drops a downloader file
which downloads multiple malicious files on the victim’s computer.
Moreover, the malicious program also has the ability to bypass Google's
recent security protection added to Chrome against installation of
browser extensions that are not in Chrome Web Store.
Researchers came across a baiting tweet that advertises “Facebook Secrets”,
claiming to show videos that are not publicly available, along with a
shortened link that is to be clicked in order to get them. Curious users
easily fall victim to such a campaign and click the given links to
download those videos.
What the user is totally unaware of is that the downloaded file is a malware dropper named “download-video.exe”, detected as TROJ_DLOADE.DND, according to fraud analyst Sylvia Lascano of the security firm Trend Micro.
This malicious file is then used to drop additional malware onto the
victim's computer. One such file is a Chrome browser extension that
masquerades as Flash Player, which could be used for more offensive
threats designed to steal victims’ credentials for various online
services.