Bogus Chrome update offers shadow real updates

Google's recent upgrade of Chrome has sparked a new round of bogus updates of the Web browser from cybercriminals hoping to steal online banking credentials and cause other mayhem.

Google released its upgrade Thursday, providing users with higher-performing software and patching two dozen security vulnerabilities. Because Google usually refreshes the browser every six to eight weeks, cybercriminals get a dependable opportunity to lay traps for users.

Mimicking the same tricks used in the past, the snares are set on websites designed as if they are from Google, security vendor GFI Software reported on Friday. The sites urge the visitor to "Update Google Chrome: To make sure that you're protected by the latest security updates."

People trying to download the file while using Chrome will get a warning that they are trying to install a file that "appears malicious." Those who do not hit the discard button will download malware that has been seen on more than a dozen sites since October.

The Trojan, named google_chrome_update.exe, is designed to steal online banking credentials in order to make unauthorized wire transfers to the attackers' accounts. The malware is a member of the Zeus family, which is widely known for stealing bank account data, while also monitoring Internet activity to steal other personal data.

Indeed, the malware makes a DNS request to a site connected to a Zeus botnet created with the Blackhole exploit kit, Chris Boyd, a senior threat researcher for GFI, said in a blog post.

"Put simply, you don't want this anywhere near your computer, and users of Chrome curious about updates should simply read the information on the relevant Google Chrome support page," he said.

While bogus upgrades do not follow every Chrome update, GFI expects criminals to set more traps in the future. "We do expect [cybercriminals] to continue using fake browser upgrades to entice users into downloading their malware," said Dodi Glenn, an antivirus product manager for GFI.

Chrome is unlikely to be the only target of such attacks. "There have been several fake Firefox updates in 2011 and 2012 released into the wild," Glenn said.

Early last year, Google added malware download protection to Chrome. The feature blocks downloads from known malicious sites.

Apple Safari, Mozilla Firefox and Microsoft Internet Explorer have similar features. Nevertheless, no technical mechanism is foolproof, and security experts advise people to consider the reputation of the source before downloading a file.
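A defender can apply the same "consider the source" check to web proxy logs. The following is an added example, not code from the article or from GFI: it flags downloads of browser-update-style executables served from hosts outside the vendor's own domains, including lookalike hosts that merely begin with the vendor's name. The log format, the trusted-domain map, and the sample lines are constructed assumptions; only the file name google_chrome_update.exe comes from the article.

```python
import re
from urllib.parse import urlsplit

# Assumption: vendor domains a site accepts as real download sources.
TRUSTED = {"chrome": ("google.com",), "firefox": ("mozilla.org",)}

# Matches the article's google_chrome_update.exe and similar lure names.
LURE = re.compile(r"(chrome|firefox)[\w.-]*(?:update|upgrade)[\w.-]*\.exe$", re.I)

def host_is_trusted(host, suffixes):
    """True only for the domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def flag_fake_updates(log_lines):
    """Return (timestamp, client, host, filename) for suspicious downloads."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # not in the assumed "ts client method url" format
        ts, client, _method, url = fields[:4]
        parts = urlsplit(url)
        name = parts.path.rsplit("/", 1)[-1]
        match = LURE.search(name)
        if not match:
            continue
        host = parts.hostname or ""
        if not host_is_trusted(host, TRUSTED[match.group(1).lower()]):
            hits.append((ts, client, host, name))
    return hits

# Constructed sample proxy log lines (hosts use the reserved .example TLD).
SAMPLE_LOG = [
    "2000-01-01T09:12:03Z 10.0.0.21 GET http://chrome-update.example/google_chrome_update.exe",
    "2000-01-01T09:13:40Z 10.0.0.22 GET https://dl.google.com/constructed/chrome_updater.exe",
    "2000-01-01T09:15:11Z 10.0.0.23 GET http://google.com.browser-fix.example/chrome_update.exe?src=ad",
    "2000-01-01T09:16:27Z 10.0.0.24 GET http://mirror.example/Firefox_Upgrade.EXE",
    "2000-01-01T09:17:02Z 10.0.0.25 GET http://intranet.example/report.pdf",
]

if __name__ == "__main__":
    for hit in flag_fake_updates(SAMPLE_LOG):
        print("suspicious update download:", *hit)
```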
