Earlier this week BitDefender said that a trojan is posing as a Google Chrome extension. Naturally email is involved, leading unsuspecting Chrome users to certain doom. Outside the obvious infection, the bad news is that the problem is only going to get worse as more and more users flock to Google's less-bloated web browser offering.
According to the security firm, Google Chrome users receive an unsolicited e-mail which announces that a new extension of their favorite browser has been developed to facilitate their access to documents from e-mails. Recipients are also provided with a link that leads them to a web page identical to the Google Chrome Extensions page. The file listed on the page isn't a Chrome extension, but rather links to a rather nasty trojan.
"Although the sham application has the same description as that of an original Google Chrome Extension, the first sign the more inquisitive users will get about it not being what they were looking for should be the fact that instead of the expected “.crx” extension, it features a flamboyant “.exe” tail," BitDefender said.
BitDefender identified the malware as Trojan.Agent.20577, an application that modifies the Windows HOSTS file in an attempt to block both Google and Yahoo webpages. "Every time users want to access them and write “google.[xxx]” or “[xx].search.yahoo.com” in the web browser, they will be redirected to another IP: 89.149.xxx.xxx," the security firm added. "This allows the malware creators to intercept the victims’ calls to reach the respective sites. In this way, the credulous users will be redirected to the cybercriminals’ own malware-laden versions of those sites."
Eventually it's going to get to the point where consumers can't trust any type of email, forcing everyone to text their messages via IM clients or smartphones.