Bank-fraud malware not detected by any AV hosted in Chrome Web Store. Twice

4
Want create site? Find Free WordPress Themes and plugins.

Enlarge

A researcher has uncovered an elaborate bank-fraud scam that’s using a malicious extension in Google’s Chrome Web Store to steal targets’ passwords.

Once installed, the Interface Online extension, uploaded at least twice in the past 17 days, surreptitiously monitors all connections made with the Chrome browser. When users visit specific pages programmed into the code, the extension activates a JavaScript routine that logs the user name and password entered into the form and uploads it to a server controlled by the attackers. This entry in the Google-owned Virus Total service reports it wasn’t detected by any of the 58 most widely used antimalware products at the time this post was going live.

Google officials removed the extension on Tuesday, after Renato Marinho, who is the Chief Research Officer of Morphus Labs and a volunteer at the SANS Institute, reported it was part of a scam hitting Brazilian bank customers. It had been available since July 31 and was downloaded 30 times. On Wednesday, the same extension reappeared, and showed it had already received 23 downloads. It remained available for download here as this post was going live, although Marinho said he reported the reposted app to Google.

Read 7 remaining paragraphs | Comments

Source: arstechnica.com

Did you find apk for android? You can find new Free Android Games and apps.

You might also like More from author

Comments