Malware authors target Google Chrome

Status
Not open for further replies.
jamescv7

jamescv7

Level 85
Thread author
Verified
Honorary Member
Mar 15, 2011
13,070
Every time I write about Internet Explorer, it’s usually a matter of minutes—sometimes even seconds—until someone in the Talkback section proclaims, smugly, that they’ve switched to Google Chrome or Firefox and are therefore immune from malware attacks.

They’re wrong, and malware authors have begun preying on users of alternative browsers to push dangerous software, including Trojans and scareware. The problem is that most malware attacks aren’t triggered by exploits that target vulnerabilities in code. Instead, according to one recent study, “users are four times more likely to come into contact with social engineering tactics as opposed to a site serving up an exploit.”

I found a perfect example yesterday, thanks to an alert from Silverlight developer Kevin Dente. He had typed in a simple set of search terms—Silverlight datagrid reorder columns—at Google.com, using the Google Chrome browser on Windows. You can follow along with what happened next in the screenshot gallery that accompanies this post.
Click to expand...

Zdnet
 
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
I came across this sometime last week:
http://malwaretips.com/Thread-Fake-Security-scan-in-Google-Chrome

They should make their idea of this more strict, like SmartScreen in IE9:
http://malwaretips.com/Thread-Google-Chrome-and-Chromium-add-protection-against-malicious-downloads
 
bogdan

bogdan

Level 1
Jan 7, 2011
1,362
People need to distinguish between an exploit in a browser and this social engineering type of attack. There is no bug in chrome being exploited here. It is just a social engineering attack that happens to use the words "Google Chrome". It doesn't matter what browser you use, if you fall for this kind of "tricks". My opinion on what makes a browser secure: how fast the author reacts to newly discovered bugs. Consider this, when choosing your browser.
 
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Bogdan, do you think these Social Engineering attacks first detect what web browser you are using then load the "appropriate-looking" fake scanner to match the browsers appearance?
 
bogdan

bogdan

Level 1
Jan 7, 2011
1,362
That is absolutely possible because every browser has a userAgent string. It can be used to identify your browser and an example of using it for the right purpose is making sure that the page is displayed correctly under some browsers.
 
jamescv7

jamescv7

Level 85
Thread author
Verified
Honorary Member
Mar 15, 2011
13,070
Well malware writers know that many users are using Google Chrome thus they are targeting with fake scanner google chrome page.
 
Status
Not open for further replies.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Malware News Google: Russian FSB hackers deploy new Spica backdoor malware
Replies
1
Views
1,504
Security News
Juan2go
J
NB InfoTech
    • Like
App Review Google Chrome Extension you must have | SquareX Review
Replies
3
Views
616
Video Reviews - Security and Privacy
broughie
B
Gandalf_The_Grey
    • Like
    • +Reputation
Chaes malware now uses Google Chrome DevTools Protocol to steal data
Replies
0
Views
971
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top