This Malware Can Delete and Replace Your Entire Chrome Browser with a Lookalike

Discussion in 'Malware Analysis Archive' started by Exterminator, Oct 20, 2015.

  1. Exterminator

    Exterminator Super Moderator
    Staff Member

    Oct 23, 2012
    Windows 10
    eFast browser poses as Chrome but inserts unwanted ads
    There's a modified Google Chrome clone going around the Internet that's being used by attackers to show users unwanted ads and redirect them to other malware infection points.

    The browser in question is named eFast, and according to security researchers at PCRisk and Malwarebytes, it infects user PCs after being installed alongside other applications.

    This PUP (Potentially Unwanted Application) is based on the Chromium open source browser, the very same code on which Google Chrome is also built.

    The shared codebase allows the browser to easily pass as the real deal, and successfully fool users into thinking they're actually using Chrome.

    During eFast's installation, the browser takes special care to remove any Google Chrome shortcuts, and replaces them with its own, using an icon specifically designed to look like Chrome's, but slightly different.

    Furthermore, additional shortcuts for popular sites like YouTube, Amazon, Facebook, Wikipedia, and Hotmail are all placed on the desktop, all primed to open inside an eFast browser.

    frogboy, jamescv7 and LabZero like this.
  2. sinu

    sinu Guest

    Security researchers have uncovered a new piece of adware that replaces your entire browser with a dangerous copy of Google Chrome, in a way that you will not notice any difference while browsing.
    The new adware software, dubbed "eFast Browser," works by installing and running itself in place of Google Chrome.
    The adware does all kinds of malicious activities that we have seen quite often over the years:

    • Generates pop-up, coupon, pop-under and other similar ads on your screen
    • Places other advertisements into your web pages
    • Redirects you to malicious websites containing bogus contents
    • Tracks your movements on the web to help nefarious marketers send more crap your way to generate revenue
    Therefore, having eFast Browser installed on your machine may lead to serious privacy issues or even identity theft.

    Read more: This Malware Can Delete and Replace Your Entire Chrome Browser with a lookalike - The Hacker News
    frogboy, jamescv7, Engage and 2 others like this.
  3. Engage

    Engage New Member

    Oct 19, 2015
    Italy (Sicily)
    Note, as an addition, that you will need to have granted the loader/installer administrative rights at some point for it to replace Google Chrome (assuming you have Google Chrome installed in Program Files (x86)/Program Files, since those directories are actually protected).
  4. Umbra

    Umbra From Emsisoft

    May 16, 2011
    Community manager
    Vietnam & France
    Windows 10
    Not so clever, the name is still mentioned, only very beginner users may be fooled.
    frogboy, Engage and Kent like this.
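A read-only PowerShell audit for the shortcut replacement described in the first post, using Engage's point about the protected Program Files location as the baseline; this is an added example, not part of the thread or the articles it quotes. The default Chrome paths, the 'Google' signer match and the folder list are assumptions, and because the thread gives no eFast file names the script flags any matching shortcut that does not resolve to the expected chrome.exe instead of searching for a specific binary.

```powershell
# Added example: list shortcuts that claim to be Chrome (or one of the site
# shortcuts named in the thread) and show where they actually point.
# Read-only: nothing is modified or deleted.

# Assumption: default Chrome install locations (per-machine and per-user).
$expectedChrome = @(
    "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
    "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
)

# Chrome itself plus the sites the thread says get desktop shortcuts.
$namePattern = 'chrome|youtube|amazon|facebook|wikipedia|hotmail'

# Assumption: the usual places a browser shortcut lives.
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell

Get-ChildItem -Path $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName -match $namePattern } |
    ForEach-Object {
        $lnk    = $shell.CreateShortcut($_.FullName)   # opens the .lnk for reading
        $target = $lnk.TargetPath
        $signer = $null
        if ($target -and (Test-Path -LiteralPath $target)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $target
            if ($sig.Status -eq 'Valid') { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Shortcut  = $_.FullName
            Target    = $target
            Arguments = $lnk.Arguments
            Signer    = $signer
            # Review flag, not a verdict: target is not chrome.exe in a default
            # location, or is not validly signed with a subject containing 'Google'.
            Review    = ($expectedChrome -notcontains $target) -or ($signer -notmatch 'Google')
        }
    } | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

A site shortcut that opens in another legitimate browser will also show `Review = True`; the `Target` and `Signer` columns are what to read before drawing a conclusion.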