{"id":5686,"date":"2010-04-20T11:32:52","date_gmt":"2010-04-20T01:32:52","guid":{"rendered":"http:\/\/power-up.space\/?p=5686"},"modified":"2010-04-20T11:32:52","modified_gmt":"2010-04-20T01:32:52","slug":"malware-masquerades-as-google-chrome-extensions","status":"publish","type":"post","link":"https:\/\/www.impulsegamer.com\/wordpress\/?p=5686","title":{"rendered":"Malware masquerades as Google Chrome Extensions"},"content":{"rendered":"<p><strong>Malware masquerades as Google Chrome Extensions &#8211; <\/strong><strong><em>Spammers tap into increasing popularity of Google browser to spread malware\u00a0<\/em><\/strong><strong>\u00a0<\/strong><\/p>\n<p><strong><em>SYDNEY &amp; AUCKLAND<\/em><\/strong><strong> \u2013 20 April, 2010<\/strong> <strong>\u2013<\/strong> Spammers are targeting Google Chrome users this week, infecting their systems with malware through a fake browser extension. Google Chrome users receive an unsolicited e-mail, which announces that a new extension of their favorite browser has been developed to enable easier organisation of documents received in their e-mails.<\/p>\n<p>A suspicious link prompts recipients to download the new extension.\u00a0 Once clicked, the link redirects to a lookalike of the Google Chrome Extensions page, which, instead of the promised extension, a fake application that infects systems with malware is downloaded.<\/p>\n<p>Although the application has the same description as that of an authentic Google Chrome Extension, the first sign that inquisitive users will notice is that instead of the expected \u2018.crx\u2019 file extension, the fake features a dangerous \u2018.exe\u2019 tail.<\/p>\n<p>Identified by BitDefender as Trojan.Agent.20577, the application modifies the Windows HOSTS file in an attempt to block access to Google and Yahoo web pages. Every time users want to access them by typing in \u201cgoogle.[xxx]\u201d or \u201c[xx].search.yahoo.com\u201d in their web browsers, they will be redirected to another IP:\u00a0 89.149.xxx.xxx . This allows the malware creators to intercept the victims\u2019 requests to reach the respective sites. In this way, users are redirected to the cybercriminals\u2019 own malware-laden versions of those sites.<\/p>\n<p>As more and more people use <a href=\"wlmailhtml:{912E957C-4F18-4B24-83B9-FA97839F0302}mid:\/\/00000008\/!x-usc:http:\/\/www.webdevelopersnotes.com\/articles\/chrome_usage_statistics.php\">Google Chrome<\/a> and its enhanced functionalities to browse the net and to organise information, cybercriminals have set their minds on exploiting this environment to spread malware and steal users\u2019 information.<\/p>\n<p>Google Chrome users who believe they may have been infected by the malware, can use BitDefender\u2019s free online scanner to check: <a href=\"wlmailhtml:{912E957C-4F18-4B24-83B9-FA97839F0302}mid:\/\/00000008\/!x-usc:http:\/\/www.bitdefender.com\/scanner\/online\/free.html\">http:\/\/www.bitdefender.com\/scanner\/online\/free.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Malware masquerades as Google Chrome Extensions &#8211; Spammers tap into increasing popularity of Google browser to spread malware\u00a0\u00a0 SYDNEY &amp; AUCKLAND \u2013 20 April, 2010 \u2013 Spammers are targeting Google Chrome users this week, infecting their systems with malware through a fake browser extension. Google Chrome users receive an unsolicited e-mail, which announces that a<\/p>\n<p class=\"more-link\"><a href=\"https:\/\/www.impulsegamer.com\/wordpress\/?p=5686\">Read More\u2026<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5686","post","type-post","status-publish","format-standard","hentry","category-game-news"],"_links":{"self":[{"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/5686","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5686"}],"version-history":[{"count":1,"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/5686\/revisions"}],"predecessor-version":[{"id":5687,"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/5686\/revisions\/5687"}],"wp:attachment":[{"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5686"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5686"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}