Malware Driven Google Chrome and Adobe Flash Updates Reportedly Making the Rounds

Malware writers are a tricky bunch, and if you're not suspicious of every little thing on the Internet, you could fall prey to one of their many tactics, like spoofing software updates. It's not really a new method, though apparently serving up fake updates for Google Chrome and a fake media player update that appears to come from Adobe are popular right now.

To make it look even more authentic, both updates are digitally signed by valid VeriSign code signing certificates, ZDNet reports. This isn't the first time malware writers have tapped VeriSign to appear legitimate, though it's not always the preferred method because it's expensive.

Fake Chrome Update

Sometimes there are telltale signs of malware. In this case, the Chrome logo in the fake update is slightly different from the real logo. As for the Adobe update, it doesn't actually say "Adobe" or contain the company's logo, it just uses an update GUI that looks very similar to the real thing. Installing it will serve up adware, whereas the spoofed Chrome update is identified as W32/Kryptik, which gathers details on the infected host's FTP servers.

"I have dedicated much of this write up on the ability of this malware to steal FTP info; I believe that this is what the malware was designed for," Zandro Iligan, senior antivirus analyst with FortiGuard Labs, explains in a blog post. "Few authors take the time to make their malware code as clean as possible. This specific malware is well thought out and very carefully coded."

ZDNet's Larry Seltzer said he stumbled upon both spoofed updates through a typo in the address bar.
Via:  ZDNet
Comments
ChuckRenninger one year ago

Well..only half at risk...I don't use chrome... :/

CurtisCorse one year ago

That's been going on for months. All people need to remember is that Chrome updates itself as does Flash. IMO malware only affects people who are either ignorant about their computers or those who just make really stupid decisions.

Post a Comment
or Register to comment