“Oh hey, a new Chrome update! I’d better hurry up and download the file from this random website with no apparent connection to anything remotely related to my web browser”.
There are things better left unsaid, and the above is probably floating around near the top somewhere. A scam from a few months ago – fake Chrome update websites leading to Malware – has returned and is currently turning heads.
The design of the website is identical to the initial rollout, urging the end-user to “Update Google Chrome: To make sure that you’re protected by the latest security updates”.
If you attempt to download the file while using Chrome, the following prompt appears quicker than Christopher Nolan can make a movie about it:
GOOD ADVICE, CHROME.
The file itself has been around for a while, having been seen on around 14 or so websites since around October. It is listed at Malwr.com, which mentions attempts to access Firefox’s Password Manager local database; meanwhile, it’s listed in the comments section of VirusTotal as being capable of stealing banking credentials. You’ll notice they mention Zeus – indeed, one of the DNS requests made by the Malware is to a site related to ZBot / Blackhole exploit kit attacks. In fact, it seems to want to swipe information of a very similar nature to a ZBot infection from August of 2012 detailed on the ShadowServer Blog (scroll down to the “data it tries to collect and steal”).
Put simply, you don’t want this anywhere near your computer and users of Chrome curious about updates should simply read the information on the relevant Google Chrome support page. VIPRE Antivirus detects this threat as Trojan.Win32.Cleaman.aj (v).