What may seem a harmless Google Chrome update could in fact be malicious software in disguise – hoping to sink its infected roots into your computer and weed out your bank details.
To coincide with Google’s official rollout of its Chrome 24 update, a malware bug, which ironically urges the user to bring their browser ‘up-to-date to ensure they are protected by the latest security features’, has also reared its ugly head.
However, if the unsuspecting user tries to download the ‘update’ from within Chrome itself, a warning from Google appears stating that the executable file ‘appears malicious’.
Threat to personal data
“Put simply, you don’t want this anywhere near your computer and users of Chrome who are curious about updates should simply read the information on the relevant Google Chrome support page,” Boyd said.
Boyd went onto say that the file itself has been seen on about 14 or so websites since October last year and is also listed at malwr.com, a site which allows users to analyze suspicious files and extract information on their process and network behaviour.
Boyd also noted that it is listed on the comments section of VirusTotal (free online malware scanner) as being capable of stealing banking credentials.
In the latter case, the file appears to be related to the Zeus banking Trojan, a malware that steals banking information by man-in-the-browser keystroke logging and form grabbing.
“Indeed, one of the domain name system requests made is to a site by the malware, and is related to ZBot / Blackhole exploit kit attacks. In fact, it seems to want to swipe information of a very similar nature to a ZBot infection from August of 2012,” Boyd added.
In malwr.com’s behaviour summary for the latest fake Google Chrome update, it says the malware creates a batch script, can access Firefox’s password manager local database and installs a program to run automatically at logon.
With fake program updates being a popular way for cyber criminals to spread Trojans, virus and worms, Google Chrome has a specialist phishing and malware detection webpage offering users extra security settings and advice.