We can now consider Google’s Chrome browser a rousing success. Cybercrooks have begun targeting Chrome users; a compliment, kind of.
The attack begins with a spam message that tries to dupe the unwary into trying an add-on that “helps you better organize your documents received in your email”. A write-up by BitDefender provides a full analysis including screen shots. One interesting note in the analysis:
Although the sham application has the same description as that of an original Google Chrome Extension, the first sign the more inquisitive users will get about it not being what they were looking for should be the fact that instead of the expected “.crx” extension, it features a flamboyant “.exe” tail.
The trojan modifies the Windows HOSTS to redirect any requests for Google or Yahoo pages to counterfeit, malware-laden versions of thoses sites owned by the crooks.
Repeat after me, I will not click links in spam, I will not click links in spam, I will not click links in spam.