Banking Trojan Undercover as Google Installer

Posted on May 23, 2012

A fake Chrome installer is circulating, posing as a ChromeSetup.exe file. IT departments are on alert for this Trojan, and IT support providers are working to keep the fake executable from reaching their users and clients.

This fake installer, posing as a Chrome executable, targets your banking information and sends it to a remote IP address where your personal information is stored. Most of the addresses are located in Brazil and Peru.

Securitynewsdaily.com discusses this Trojan in more depth:

The downloadable file, “ChromeSetup.exe,” contains a sophisticated, multifaceted banking Trojan that, once running on a system, relays that computer’s information to a remote IP address. Most of the compromised browsers connect to IP addresses in Brazil and Peru, researchers at Trend Micro explained. The fake Chrome installer appears to be hosted on popular domains including Facebook, Google and MSN.

The real danger occurs when the malware implants a file that triggers the victim’s Web browser to redirect to a rigged banking site when the user attempts to visit his legitimate banking platform. The Trojan, identified as “TSPY_BANKER.EUIQ,” hijacks the user’s banking session and displays a dialogue box that reads, “Loading system security,” giving the victim the belief that he’s actually being protected when, in fact, the crooks are picking his virtual pockets.

Adding insult to injury, the Trojan uninstalls GbPlugin, a software plugin built to protect Brazilian online banking customers. Trend Micro said the malware, which was first spotted in October 2011, is currently being used in the wild and is morphing to evade detection and more effectively fleece its victims.

You can protect yourself and your online banking sessions by making sure any site that requires you to enter your financial information is secured with “HTTPS” encryption — look for “HTTPS” highlighted in green and a picture of a lock in your Web browser. If a website seems suspicious, or requests information you don’t feel comfortable handing over, do not trust it.

Written by IT Management and Consulting Professionals at FedSolutions.  Thanks for stopping by!