A new Google Chrome extension is using email and the private messaging service WhatsApp to steal everything from your user data to credit card numbers.
Following a photo link, the victim is duped into downloading “whatsapp.exe,” which is essentially the malware dropper file.
Once downloaded and opened, a fake Adobe Reader install wizard prompts the victim to install specific files full of malware.
Notably, the malware attempts to disable Windows Firewall and multiple roadblocks that could prevent the malicious code from executing.
While most malicious extensions are rigged to do one thing or another, “Catch-All” tries to get its mitts on any piece of data it can, including banking information.
Malicious Chrome extensions seem to be on the rise as of late. Just last week, a software engineer discovered a Google Chrome URL-shortening extension carrying a hidden cryptocurrency miner. A month earlier, torrent site The Pirate Bay was found engaging in a similar practice, allegedly as part of a test pilot program to monetize the site without having to display annoying ads.
Read the full story over at Bitdefender.