Malware Using Bait and Switch

 
   In an interesting turn of events, malware is now attempting to take over your web browser by fully replacing it!  Mentioned by Swift Security and verified by Malwarebytes, eFast uninstalls Chrome and takes its place so it can serve you malware and ads that make money for its authors!

   When Google announced that Chrome would only install extensions from the extension shop, some people weren't happy that Google was locking it down.  As it turns out, Google showed some good foresight, as that lockdown has made Chrome one of the safer web browsers.  Since malware isn't able to inject itself as an extension, it is now trying to fully remove Chrome from the infected computer and install its own browser.  It makes a decent replacement, since eFast is based on Chromium.

   According to Malwarebytes, eFast even offers quick shortcuts to popular sites!  If I were Google, I would be impressed that the malware authors realized they can't easily beat Chrome, so they decided to join and impersonate it!



   It's interesting to see how malware adapts to the changing landscape and how creative cyber-criminals are getting.  Obviously I don't condone the actions, as they make my job of keeping users safe at my company harder, but it's hard not to notice the clever tricks that are used to stay a step ahead.  Has there been anything odd that you've seen yourself?  What tricks have been hard to keep your users ahead of?  Let us know and stay safe, goblins!

About Jimmy R. Tassin

Jimmy Tassin is the IT Manager of Midwest Regional Bank and has been involved with the Technology field for over thirteen years. His two hobbies are overseeing the daily operations of OmniKraft, a Minecraft server community, and writing at Goblinbyte.com.

2 comments:

  1. Oh wow, that is the first I've heard of this. I have to say that is in fact very clever, and very dubious. I wonder if any other open source applications have been subject to similar types of attacks. Could you imagine OpenOffice or Thunderbird getting rapidly replaced across multiple computers?

    Clever attack, how does it run?

    1. Once it's on the computer, it systematically looks for Chrome and removes it, and then takes ownership of extensions associated with Chrome. It forces the infected computer to run its web browser over Chrome.
