Google patched nearly two dozen security vulnerabilities in Chrome on Thursday and a day later attackers have begun circulating fake Google Chrome updates that actually are part of a scam related to the Zeus botnet and is designed to steal online banking credentials, among other things.
Attackers have been using fake Chrome updates to lure victims for several months now, and the most recent scheme uses a similar approach as the past ones and also uses related files. Researchers at GFI Labs discovered a renewed wave of attempts by attackers to trick users into downloading and installing a file that purports to be a Google Chrome update, but is in fact mostly interested in snagging sensitive data, such as banking credentials, from victims.
“The file itself has been around for a while, being seen on around 14 or so websites since around October and is listed at Malwr.com which mentions attempts to access Firefox’s Password Manager local database – meanwhile, it’s listed on the comments section of VirusTotal as beingcapable of stealing banking credentials. You’ll notice they mention Zeus – indeed, one of the DNS requests made is to a site by the Malware is related to ZBot / Blackhole exploit kit attacks. In fact, it seems to want to swipe information of a very similar nature to a ZBot infection from August of 2012 detailed on the ShadowServer Blog,” GFI’s Chris Boyd wrote in an anlysis of the attack.
The good news is that legitimate Chrome installations detect the malicious files and will warn users about them. For Chrome users, the safest and most convenient way to upgrade your browser is to go to the Settings menu and then click on the Help option. That will prompt Chrome to check for updates and download the latest version. It’s a good idea to avoid any other updates you come across online, aside from those on the official Google Chrome site.