
Malware Can Bypass Chrome Extension Security Feature Easily

Bloodyvalley


 

 

Researchers have uncovered a new social engineering trick that leads users to a malicious Google Chrome extension impersonating Adobe’s Flash Player in order to lure victims into a click fraud campaign.
 
Security experts at Trend Micro believe that the malware is triggered by opening Facebook or Twitter via shortened links provided on social networking websites. Once clicked, the links may lead victims to a site that automatically downloads the malicious browser extension.
 
MALWARE INVOLVES DOWNLOADING MULTIPLE MALICIOUS FILES
The process is quite complicated, as the malware drops a downloader file which downloads multiple malicious files onto the victim’s computer. Moreover, the malicious program also has the ability to bypass Google's recent security protection, added to Chrome against the installation of browser extensions that are not in the Chrome Web Store.
 
 

Researchers came across a baiting tweet that advertises “Facebook Secrets”, claiming to show videos that are not publicly available, along with a shortened link that is to be clicked in order to get them. Curious users easily fall victim to such a campaign and click the given links to download those videos.
 
What the user is totally unaware of is that the file he downloaded is a malware dropper with the name “download-video.exe”, detected as TROJ_DLOADE.DND, according to fraud analyst Sylvia Lascano of the security firm Trend Micro.
 
This malicious file is then used to drop additional malware onto the victim’s computer, one of which is a Chrome browser extension that masquerades as Flash Player and could be used for more offensive threats designed to steal victims’ credentials for various online services.
 
MALWARE BYPASSES GOOGLE’S SECURITY POLICY
In order to evade detection, the malware circumvents Google's security policy – which only allows extension installations hosted in the Chrome Web Store – by creating a folder in the browser's directory where it drops “browser extension components.”
The browser extension components that need to be loaded, which are added to Chrome’s extension folder, are as follows:
 
  • manifest.json – contains browser extension description like name, script to load, version, etc.
  • crx-to-exe-convert.txt – contains the script to be loaded, which can be updated anytime by connecting to a specific URL.
After all the data in the dropped component manifest.json is parsed by the browser, the extension is ready to work.
 
OPEN FACEBOOK OR TWITTER – BE A VICTIM OF CLICK FRAUD
Once installed, if a user visits Facebook or Twitter, the extension quietly opens a specific site in the background that is written in Turkish, which researchers believe is part of a click fraud or redirection scheme.

“The site is written in Turkish and phrases such as ‘bitter words,’ ‘heavy lyrics,’ ‘meaningful lyrics,’ ‘love messages,’ and ‘love lyrics’ appear on the page. This routine could be a part of a click fraud or redirection scheme,” fraud analyst Sylvia Lascano of the security firm Trend Micro said.

SHORTENED LINK HELPED THREAT ACTORS
By the time researchers discovered the campaign, the tweets promoting the sophisticated malware dropper had been retweeted more than 6,000 times.
 
Here cyber criminals took help of shortened links in order to victimize a large number of people, because a shortened link gives no visibility of where it directs, which contributes to spreading the campaign.
 
So, in order to protect your computers against this sort of threat, avoid accessing links from any unknown and suspicious sources.
 

 

Source
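The article describes the sideloaded extension as a folder dropped into the browser directory containing a manifest.json that loads its script from "crx-to-exe-convert.txt", with no Chrome Web Store involvement. As an added example (not part of the original article or of Trend Micro's analysis), the following audit script flags exactly those traits in an unpacked extension's manifest; the sample manifests are constructed here to mirror the description, and the "update_url" check relies on the fact that Web Store installs carry Google's update URL.

```python
# Audit Chrome extension manifests for the sideloading pattern the article describes:
# a folder dropped into the browser directory whose manifest.json loads a script from an
# oddly named file (crx-to-exe-convert.txt) and that never came from the Chrome Web Store.
import json
import os

WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
IMPERSONATION_WORDS = ("flash", "adobe")  # plugin brands the dropper abused

def referenced_scripts(manifest):
    """Every script path the manifest asks Chrome to load (MV2 and MV3 keys)."""
    background = manifest.get("background", {})
    scripts = list(background.get("scripts", []))
    if "service_worker" in background:
        scripts.append(background["service_worker"])
    for cs in manifest.get("content_scripts", []):
        scripts += cs.get("js", [])
    return scripts

def audit_manifest(manifest):
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    if manifest.get("update_url") != WEBSTORE_UPDATE_URL:
        findings.append("no Chrome Web Store update_url (sideloaded or unpacked)")
    for script in referenced_scripts(manifest):
        if not script.lower().endswith(".js"):
            findings.append(f"script loaded from non-.js file: {script}")
    name = manifest.get("name", "").lower()
    if any(word in name for word in IMPERSONATION_WORDS):
        findings.append(f"name impersonates a plugin brand: {manifest.get('name')!r}")
    return findings

def audit_extension_dir(ext_dir):
    """Audit one unpacked extension folder; an unreadable manifest is itself a finding."""
    try:
        with open(os.path.join(ext_dir, "manifest.json"), encoding="utf-8") as fh:
            manifest = json.load(fh)
    except (OSError, ValueError) as exc:
        return [f"cannot read manifest.json: {exc}"]
    return audit_manifest(manifest)

# Constructed samples: the first mirrors the dropped components described in the article.
SAMPLE_MALICIOUS = {
    "name": "Adobe Flash Player", "version": "1.0", "manifest_version": 2,
    "content_scripts": [{"matches": ["*://*.facebook.com/*", "*://*.twitter.com/*"],
                         "js": ["crx-to-exe-convert.txt"]}],
}
SAMPLE_BENIGN = {"name": "Notes", "version": "2.1", "manifest_version": 3,
                 "update_url": WEBSTORE_UPDATE_URL, "background": {"service_worker": "worker.js"}}
```

Point audit_extension_dir at each folder under a Chrome profile's Extensions directory to triage installed extensions; a clean Web Store extension returns no findings.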

 



In before FF fanboys?

 

I do use it myself, but it's hardly perfect :P

Case: Meatbag, humanoid - APU: Human Brain version 1.53 (stock clock) - Storage: 100TB SND (Squishy Neuron Drive) - PSU: a combined 500W of Mitochondrial cells - Optical Drives: 2 Oculi, with corrective lenses.


Oh look, Trend Micro, the service I use. WOOT. How/why has Chrome caught on? I've heard nothing but bad things about it so far.

 

 

I use neither Facebook nor Twitter. Good!

Same, if you're using those you deserve a virus because you are one.

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs


Same, if you're using those you deserve a virus because you are one.

 

TIL that using popular social networking sites to stay in touch with family/old friends means you're a virus. Good to know.


I stopped using Chrome when it stopped allowing me to run uTorrent... (called it a malicious file)

If your grave doesn't say "rest in peace" on it You are automatically drafted into the skeleton war.


TIL that using popular social networking sites to stay in touch with family/old friends means you're a virus. Good to know.


"Social networking" is degrading society and making people stupid, sorry. Try just calling someone and talking to them instead.

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs


-snips-

"Social networking" is degrading society and making people stupid, sorry. Try just calling someone and talking to them instead.

Not many people know what a house phone is anymore.. :(



Not many people know what a house phone is anymore.. :(

Same here. Growing up, all anyone my age was willing (or capable) of talking about was who did/said/posted what to whom on Facebook/MySpace etc. Congratulations, social media, you have killed not only intelligence in general, but the art of good conversation about things that actually matter.

 

Shut down facebook, before it's too late.

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs


I have been using Google Chrome on my Mac for a while now. I may switch to Safari, but is there a way to import all your bookmarks and whatnot?

 eGPU Setup: Macbook Pro 13" 16GB DDR3 RAM, 512GB SSD, i5 3210M, GTX 980 eGPU

New PC: i7-4790k, Corsair H100iGTX, ASrock Fatal1ty Z97 Killer, 24GB Ram, 850 EVO 256GB SSD, 1TB HDD, GTX 1080 Fractal Design R4, EVGA Supernova G2 650W

 

 


"Social networking" is degrading society and making people stupid, sorry. Try just calling someone and talking to them instead.

 

I wouldn't say it's degrading society; I don't think people would be any less stupid if they had to call/text a friend instead of talking to them on Facebook.


Get Malwarebytes Anti-Exploit; it stops side downloads like this shit.

cpu: intel i5 4670k @ 4.5ghz Ram: G skill ares 2x4gb 2166mhz cl10 Gpu: GTX 680 liquid cooled cpu cooler: Raijintek ereboss Mobo: gigabyte z87x ud5h psu: cm gx650 bronze Case: Zalman Z9 plus


Listen if you care.

Cpu: intel i7 4770k @ 4.2ghz Ram: G skill  ripjaws 2x4gb Gpu: nvidia gtx 970 cpu cooler: akasa venom voodoo Mobo: G1.Sniper Z6 Psu: XFX proseries 650w Case: Zalman H1


I wouldn't say it's degrading society; I don't think people would be any less stupid if they had to call/text a friend instead of talking to them on Facebook.

You'd be surprised. All any of the younger generations seem to care about is Facebook bullshit; try talking politics and you might as well be speaking Martian.

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs


You'd be surprised. All any of the younger generations seem to care about is Facebook bullshit; try talking politics and you might as well be speaking Martian.

 

Try talking to an average teenager about politics 20-30 years ago and you'd probably get the same result.


Try talking to an average teenager about politics 20-30 years ago and you'd probably get the same result.

uuuuummmm..... ever hear of the 60/70's? Teenagers used to be a lot smarter on average than they are now. At least more involved in the world around them.

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs


uuuuummmm..... ever hear of the 60/70's? Teenagers used to be a lot smarter on average than they are now. At least more involved in the world around them.

 

Care to provide a source for your claims? Or are you just talking out of your ass?


Oh look, Trend Micro, the service I use. WOOT. How/why has Chrome caught on? I've heard nothing but bad things about it so far.

 

 

Same, if you're using those you deserve a virus because you are one.

Facebook does deserve all the shit it can have; there's no doubt about that.

 

Twitter, on the other hand, is different. It can't be compared to Facebook except that it is social media, but it doesn't work the same way, and it mainly doesn't pull the background bullshit Facebook does. I use it mostly as a news feed and follow a few YouTubers (Linus and group included). Also, if you're worried about privacy, Twitter gives you full control of the content you make and when you are exposed.

 

Ohh, and because people spend their time trash talking on Facebook or whatever doesn't mean they deserve a virus; there's usually something worse in the long term.

this is one of the greatest thing that has happened to me recently, and it happened on this forum, those involved have my eternal gratitude http://linustechtips.com/main/topic/198850-update-alex-got-his-moto-g2-lets-get-a-moto-g-for-alexgoeshigh-unofficial/ :')

I used to have the second best link in the world here, but it died ;_; it's a 404 now, but it will always be here.

 


Sorry, but I'm an FF fanboy, so you're late.

Well damn, now I feel bad about that :c

Case: Meatbag, humanoid - APU: Human Brain version 1.53 (stock clock) - Storage: 100TB SND (Squishy Neuron Drive) - PSU: a combined 500W of Mitochondrial cells - Optical Drives: 2 Oculi, with corrective lenses.


uuuuummmm..... ever hear of the 60/70's? Teenagers used to be a lot smarter on average than they are now. At least more involved in the world around them.

Care to give a source to refute my claims? I simply feel that kids used to be smarter, or at least more involved, since they paid attention to something other than Facebook/MySpace/Twitter. I grew up with a bunch of morons; it started with my generation (graduated 2007). I think my sister's generation (I think she graduated high school in 97-99) was the last intellectual generation. I just don't see much intelligence going on day to day in the world. *shrugs*

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs


Researchers have uncovered a new social engineering trick that leads users to a malicious extension from Google Chrome...


New? I encountered this a year or 2 ago.

| Intel i7-3770@4.2Ghz | Asus Z77-V | Zotac 980 Ti Amp! Omega | DDR3 1800mhz 4GB x4 | 300GB Intel DC S3500 SSD | 512GB Plextor M5 Pro | 2x 1TB WD Blue HDD |
 | Enermax NAXN82+ 650W 80Plus Bronze | Fiio E07K | Grado SR80i | Cooler Master XB HAF EVO | Logitech G27 | Logitech G600 | CM Storm Quickfire TK | DualShock 4 |


If people think that downloading Adobe Flash Player for Google Chrome is a good idea then maybe they can't be helped no matter what.


We need a new web browser. Maybe like a community-assisted one. Get everyone involved so it can be perfect, kind of thing.

"If a Lobster is a fish because it moves by jumping, then a kangaroo is a bird" - Admiral Paulo de Castro Moreira da Silva

"There is nothing more difficult than fixing something that isn't all the way broken yet." - Author Unknown


Intel Core i7-3960X @ 4.6 GHz - Asus P9X79WS/IPMI - 12GB DDR3-1600 quad-channel - EVGA GTX 1080ti SC - Fractal Design Define R5 - 500GB Crucial MX200 - NH-D15 - Logitech G710+ - Mionix Naos 7000 - Sennheiser PC350 w/Topping VX-1


#WFMR

#WFFTW

Don't think it's new that malware can pass Chrome's security; knew this a while ago...

 


Senor Shiny: Main- CPU Intel i7 6700k 4.7GHz @1.42v | RAM G.Skill TridentZ CL16 3200 | GPU Asus Strix GTX 1070 (2100/2152) | Motherboard ASRock Z170 OC Formula | HDD Seagate 1TB x2 | SSD 850 EVO 120GB | CASE NZXT S340 (Black) | PSU Supernova G2 750W  | Cooling NZXT Kraken X62 w/Vardars
Secondary (Plex): CPU Intel Xeon E3-1230 v3 @1.099v | RAM Samsun Wonder 16GB CL9 1600 (sadly no oc) | GPU Asus GTX 680 4GB DCII | Motherboard ASRock H97M-Pro4 | HDDs Seagate 1TB, WD Blue 1TB, WD Blue 3TB | Case Corsair Air 240 (Black) | PSU EVGA 600B | Cooling GeminII S524


(Deceased) DangerousNotDell- CPU AMD AMD FX 8120 @4.8GHz 1.42v | GPU Asus GTX 680 4GB DCII | RAM Samsung Wonder 8GB (CL9 2133MHz 1.6v) | Motherboard Asus Crosshair V Formula-Z | Cooling EVO 212 | Case Rosewill Redbone | PSU EVGA 600B | HDD Seagate 1TB

DangerousNotDell New Parts For Main Rig Build Log, Señor Shiny  I am a beautiful person. The comments for your help. I have to be a good book. I have to be a good book. I have to be a good book.

 
