A MitM extension for Chrome

Discussion in '0-day Release' started by RGiskardR, Jun 8, 2018.

  1. RGiskardR

    RGiskardR Malware Tester Silver Member

    [​IMG]
    Browser extensions make our lives easier: they hide obtrusive advertising, translate text, help us choose in online stores, etc. There are also less desirable extensions, including those that bombard us with advertising or collect information about our activities. These pale into insignificance, however, when compared to extensions whose main aim is to steal money. To protect our customers, we automatically process large numbers of extensions from a variety of sources. This includes downloading and analyzing suspicious extensions from Chrome Web Store. One extension, in particular, recently caught our attention because it communicated with a suspicious domain.

    The Google Chrome extension named Desbloquear Conteúdo (which means ‘Unblock Content’ in Portuguese) targeted users of Brazilian online banking services – all the attempted installations that we traced occurred in Brazil. The aim of this malicious extension is to harvest user logins and passwords and then steal money from their bank accounts. Kaspersky Lab products detect the extension as HEUR:Trojan-Banker.Script.Generic.

    Full reading: https://securelist.com/a-mitm-extension-for-chrome/86057/
     
    silversurfer, Petrovic and Trim like this.
  2. Google Adsense

Share This Page