
New viruses threatening “Chrome” users: how to protect yourself?


“Chrome” users are facing an unusual attack aimed at stealing their credentials by putting them in a situation where they cannot proceed without entering their username and password.

 

A cunning method 

A recent study has revealed how cybercriminals are using a new, sneaky technique to force “Chrome” browser users to disclose their Google account passwords.

This new credential theft campaign, using malware called “StealC”, freezes the user’s browser while blocking the “F11” and “ESC” keys to prevent them from escaping the frozen screen.

The only thing the browser will display is a login window, often for the “Google” account itself.

This way, hackers force the victim to enter their credentials into the browser; once they do, the malware steals the credentials and passwords held in “Chrome’s” credential storage and delivers them to the attackers.

Another threat 

Researchers have identified a new variant of a well-known banking Trojan called “TrickMo”, which now pretends to be the “Google Chrome” browser app for Android.

When this malicious app is installed, the victim sees a warning that “Google Play” needs to be updated, along with a confirmation dialog box. In reality, it installs another app called “Google Services”, which requests permissions and guides the user to enable the app’s accessibility services.

Once this is done, it grants attackers the elevated permissions needed to intercept SMS messages to obtain two-factor authentication codes. “TrickMo” then displays a screen that looks like a real login page to capture account credentials.

To evade detection, the new “TrickMo” variant uses a malformed “Zip” archive. Its distorted structure may make it difficult for the automated analysis tools used by cybersecurity defenders to inspect the file’s contents, complicating the analysis process significantly.
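A defender-side check for this kind of archive, as an added example that is not part of the original article or of any vendor tool: it flags a “Zip” or APK file whose structure is internally inconsistent. The article does not say how the archive is distorted, so the three checks (duplicate names, a name used as both file and directory, a local header that disagrees with the central directory) are assumptions, and the sample archive is constructed.

```python
import io
import struct
import zipfile


def zip_anomalies(data: bytes) -> list[str]:
    """Return structural inconsistencies found in a ZIP/APK byte string."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()  # entries as listed in the central directory
    except zipfile.BadZipFile as exc:
        return [f"unparseable archive: {exc}"]
    findings = []
    names = [i.filename for i in infos]
    files = {n for n in names if not n.endswith("/")}
    for idx, name in enumerate(names):
        if name in names[:idx]:
            findings.append(f"duplicate entry name: {name}")
        # A name must not be a file in one entry and a directory in another.
        parts = name.rstrip("/").split("/")
        depth = len(parts) + 1 if name.endswith("/") else len(parts)
        for k in range(1, depth):
            if "/".join(parts[:k]) in files:
                findings.append(f"file/directory collision: {'/'.join(parts[:k])}")
    for info in infos:
        # The local header before the data must agree with the central directory.
        off = info.header_offset
        hdr = data[off:off + 30]
        if len(hdr) < 30 or hdr[:4] != b"PK\x03\x04":
            findings.append(f"bad local header: {info.filename}")
            continue
        method, = struct.unpack_from("<H", hdr, 8)     # compression method
        name_len, = struct.unpack_from("<H", hdr, 26)  # file name length
        enc = "utf-8" if info.flag_bits & 0x800 else "cp437"
        local = data[off + 30:off + 30 + name_len].decode(enc, "replace")
        if local != info.orig_filename or method != info.compress_type:
            findings.append(f"local header mismatch: {info.filename}")
    return list(dict.fromkeys(findings))  # de-duplicate, keep order


def build_sample(collide: bool) -> bytes:
    """Constructed sample archive; entry names and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"placeholder")
        if collide:
            zf.writestr("classes.dex/", b"")
    return buf.getvalue()
```

An empty result only means these three checks passed; it does not mean the file is safe.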

Protection measures 

If a device is infected with the “StealC” variant, users are advised to try shutting it down via the power button, then restart in safe mode using the “F8” key, and perform a full system scan to prevent the malware infection from recurring.

As for “TrickMo”, the advice is simple and often repeated: do not download Android applications from any source other than the official “Play” store.
