Chrome: fake accessories injected code in web pages - "TechnoTron"

Index:
Prologue
Look around... but you also infect
2 What to do if you downloaded the plug-in?



Prologue


CHROME, BROWSER, INTERNET, VIRUS, MALWARE


Since few days ago, in our research lab, we have a growth in the number of detections of the JS/Chromex.Submelius threat. In some countries in the region like Colombia, Peru, Ecuador and Chile, its percentage of detections has been between 30% and 40% of the total of each country.

It's a Trojan, which redirects the browser to a specific URL that contains other types of malicious content. Given the high levels of detection of this threat, which is focused on affecting Chrome, one of the most popular in the present day web browsers, we realized the task of finding the way that this threat is spreading and how auser could fall into this trap.


JS/CHROMEX.SUBMELIUS



Look around... but you also infect

An example of how it is spreading this threat found on a popular site to watch movies online. One of the options to view the contents, once the user wants to start playback opens an additional window in the browser:

PLAYBACK ONLINE


For those who have ever visited such sites, this behavior should not be strange, since usually open those annoying windows that say "virus detected" or "work from home and make money". However, in this case the browser not redirected to another page with advertising as usual, but that leads to a site that asks you to go to another URL... and even that is do not click "Accept", not to appear the message.

ADD-IN


This redirect points to the download of a complement from Chrome Web Store. In the following screenshot is the address bar of the browser until the add-in is installed:

CHROME WEB STORE


If the user accept the download, appears a space beside the address with the complement icon bar, and if you click on it, goes to a new page with in Chrome Web Store that belongs to another new supplement. In this case, as you can see in the following screenshot, there are some recent comments about how useless that is this application:

INSTALLED PLUG-INS


Although at this point the playback of the movie has already started, the user's browser has been infected. Try to see the plug-ins installed on it, we find that is initially unloaded and that, with in the permissions you have, is the read and modify data from the visited web sites. This leaves an open window so that when the user visits a web site giving some kind of code on it:

CHROME EXTENSIONS


In this way, while the user browses the Internet you can see how suddenly open you new windows with information from your system, taking it to download malicious code, advertising or other content sites. This leads to an infinite loop that ultimately is going to help who is behind the deceptive snap.

ACEPT INSTALL




2 What to do if you downloaded the plug-in?


Where you've downloaded this malicious plug-in, you must remove it immediately of the Chrome browser. To do this, you can write "chrome://extensions" in the address bar and a time that you find it simply remove it.

As a precaution you should scan your computer with a trusted security solution torule out that you could have downloaded some other type of threat to your computer. In this case we recommend using our free ESET Online Scanner solution thatworks directly from the web browser.

As always, it is very important to be careful before you click and pay attention to web sites which are accessible, especially if they ask to download plug-ins. We've already seen other campaigns associated with Youtube, Facebook and other sites that have similar characteristics.

Therefore, we see that this type of campaigns are not isolated; in fact, there is a whole structure of redirects that will be described in more technical detail in a future article.

Return Above

 CHROME, BROWSER, INTERNET, VIRUS, MALWARE

Info: ESET

Comments

Post a Comment

Popular posts from this blog

Twitter: change your profile image by default, the end of snake eggs - "TechnoTron"

Image
Twitter: change your profile image by default TWITTER, TRENDS, SOCIAL NETWORKS, INTERNET, TECHNOLOGY The image of an egg that was assigned to new comers to the social network became synonymous with accounts created for the purpose of attacking others from anonymity. After having been replaced as the solution to the problem is still far. Since 2010, the default image that appeared in the new profiles of Twitter was a white egg, accompanied by a different background for each account. An entry of the blog you write responsible for the layout of the page, explains how the people who use the network to attack other users motivated change that image and the process that led to the gray silhouette that now replaces it. The idea behind the image that represents the rookies in the social network was simple: eggs were a temporary measure until the users choose an image that would be identified. It is positioning that after leaving the eggs, the users were as birds that fed ...
Keep reading

Windows 10: with Ubuntu Bash Console how to use it - TechnoTron

Image
Posted by: TechnoTron 2/28/2017 Source:     Xataka                                                                                                                                                     In April 2016 Microsoft had announced one of the great new features of Windows 10: the possibility of using a Linux console natively in this operating system thanks to the collaboration of Canonical, the company responsible for the development of Ubuntu. That option is available thanks to the arrival of the compilation 14316 of Windows 10, in which apart from other news we can start using the bash console...
Read more

WhatsApp: discover if you are spied on when using WhatsApp Web

Image
Index : Prologue 1.- WhatsApp Web, a tool that is too quiet 2.- How to protect your account from WhatsApp so no one can spy on web Prologue " WhatsApp Web goes well to use the messaging on the computer, but it is easy to spy on another person if you are logged in the browser with your mobile phone. Avoid this. "   The messaging application for excellence not only drag behind itself a huge popularity, a huge amount of controversy. Security, partnerships with Facebook... And a large number of users they see violating your privacy for couples, friends, family... that try to spy on their conversations. Spy on WhatsApp is one of the most common. And it is because it is in this application where we turned over our side more intimate. The worst thing is that it is quite easy to gain access to the conversations of another person with WhatApp Web . The company added few months ago a notification when you use the session in another part, but can be over...
Keep reading