1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Malware Disguises as Google Chrome Browser Clone

Discussion in 'Security Updates' started by starbuck, Oct 20, 2015.

  1. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    eFast browser poses as Chrome but inserts unwanted ads

    There's a modified Google Chrome clone going around the Internet that's being used by attackers to show users unwanted ads and redirect them to other malware infection points.

    The browser in question is named eFast, and according to security researchers at PCRisk and Malwarebytes, it infects user PCs after being installed alongside other applications.

    This PUP (Potentially Unwanted Application) is based on the Chromium open source browser, the very same code on which Google Chrome is also built.

    The shared codebase allows the browser to easily pass as the real deal, and successfully fool users into thinking they're actually using Chrome.

    During eFast's installation, the browser takes special care to remove any Google Chrome shortcuts, and replaces them with its own, using an icon specifically designed to look like Chrome's, but slightly different.

    Furthermore, additional shortcuts for popular sites like YouTube, Amazon, Facebook, Wikipedia, and Hotmail are all placed on the desktop, all primed to open inside an eFast browser.

    faed8dfaf48679cf50a204c4275a9b5a.jpg


    eFast hijacks file and URL associations on infected systems

    Malwarebytes has also observed the browser alters OS settings, eFast changing default file associations and URL types, so whenever the user clicked any HTML, GIF, or JPEG document inside their operating system, eFast would be used instead of the previously set application.

    At the moment of writing this article, researchers have detected eFast placing itself as the default application for the following file types: HTM, HTML, SHTML, XHTML, XHT, WEBP, PNG, JPG, JPEG, GIF, and PDF.

    Additionally, URLs with the following protocols were also opened by default in eFast: HTTP, HTTPS, FTP, IRC, MAILTO, MMS, SMS, SMSTO, TEL, NEWS, NNTP, URN, and WEBCAL.

    eFast is being used to deliver adware and ads to users

    Once the user was convinced (tricked) to use eFast, the browser's malware code injects ads inside their normal Web pages, and even redirect them to sites where other malware is being served.

    Besides this, during the eFast installation, the predm.exe file was also placed inside the user's Program Files folder, file that is currently detected as infected by 44 antivirus engines on VirusTotal.

    Both PCRisk and Malwarebytes provide instructions on how to remove eFast from infected computers.

    96ba3b93c2d22ca1df67324e8509fd44.jpg

    a3dac0d5d8b441926dc8efe7b9c0899b.jpg



    Source:
    http://news.softpedia.com/news/malware-disguises-as-a-google-chrome-browser-clone-494906.shtml
     
    starbuck, Oct 20, 2015
    #1

Share This Page