Fake Google Chrome Installer Steals Banking Details

[Jack]

Information Week Wrote:Beware fake Chrome installers for Windows.

A file named "ChromeSetup.exe" is being offered for download on various websites, and the link to the file appears to be legitimately hosted on Facebook and Google domains. In reality, the software won't install Google's Chrome browser, but an information-stealing Trojan application known as Banker, according to antivirus vendor Trend Micro.

Once the malware--which appears to be targeting Latin American users, especially in Brazil and Peru--is executed, it relays the IP address and operating system version to one of two command-and-control (C&C) servers, then downloads a configuration file. After that, whenever a user of the infected PC visits one of a number of banking websites, the malware intercepts the HTTP request, redirects the user to a fake banking page, and also pops up a dialog box informing the user that new security software will be installed.

In fact, the malware has been designed uninstall GbPlugin, which is "software that protects Brazilian bank customers when performing online banking transactions," said Trend Micro security researcher Brian Cayanan in a blog post. "It does this through the aid of gb_catchme.exe--a legitimate tool from GMER called Catchme, which was originally intended to uninstall malicious software. The bad guys, in this case, are using the tool for their malicious agendas."

Read more: http://www.informationweek.com/news/secu.../240000575

[McLovin]

How can you not tell that it's a fake Google Chrome installer. Mind you there are a lot of people out there that fall for a lot of things.

[Spirit]

Install Only from Homesite or sites like softpedia,cnet.

[McLovin]

(05-19-2012 07:38 AM)Stonecold Wrote:  Install Only from Homesite or sites like softpedia,cnet.

Yes, install and download from sites that have a very high reputation or have very good reviews.

[Umbra Polaris]

(05-19-2012 07:52 AM)McLovin Wrote:  

(05-19-2012 07:38 AM)Stonecold Wrote:  Install Only from Homesite or sites like softpedia,cnet.

Yes, install and download from sites that have a very high reputation or have very good reviews.

or check the hashes if you are not sure.

[Spirit]

(05-19-2012 08:08 AM)umbrapolaris Wrote:  

(05-19-2012 07:52 AM)McLovin Wrote:  

(05-19-2012 07:38 AM)Stonecold Wrote:  Install Only from Homesite or sites like softpedia,cnet.

Yes, install and download from sites that have a very high reputation or have very good reviews.

or check the hashes if you are not sure.

+1 This is the best way to check original and unbroken installer for every software

[computersaver]

O my God. I don't believe this. Google is making spam for its user

[Malware Maniac]

(07-02-2012 02:02 PM)computersaver Wrote:  O my God. I don't believe this. Google is making spam for its user

No. There is a fake installer that in the description say stealing banking details.