Users of the web browser Chrome are being warned to watch out for fake updates that are not issued by Google, but are part of a scam designed to steal online banking credentials and other confidential details. Rather than risking problems, our advice to users is to go to the Settings menu and click on the Help option, prompting Chrome to check for updates and download the latest version.
This is not a new scam, with incidences reported for the last few months. However, researchers at internet security specialist GFI Labs have uncovered a new wave of attempts at the trickery, immediately after Google patched a number of security vulnerabilities in its browser only on Thursday.
According to GFI: "The file itself has been around for a while, being seen on around 14 or so websites since around October and is listed at Malwr.com which mentions attempts to access Firefox’s Password Manager local database – meanwhile, it’s listed on the comments section of VirusTotal as beingcapable of stealing banking credentials. You’ll notice they mention Zeus – indeed, one of the DNS requests made is to a site by the Malware is related to ZBot / Blackhole exploit kit attacks. In fact, it seems to want to swipe information of a very similar nature to a ZBot infection from August of 2012 detailed on the ShadowServer Blog."
Legitimate Chrome installations will actually detect the malicious files and will warn users about them.