Chaes banking trojan hijacks Chrome with malicious extensions
2022-01-26 16:39

A large-scale campaign involving over 800 compromised WordPress websites is spreading banking trojans that target the credentials of Brazilian e-banking users.

Although the security firm notified the Brazilian CERT, the campaign is ongoing, with hundreds of websites still compromised with malicious scripts that push the malware.

The MSI installer contains three malicious JavaScript files that prepare the Python environment for the next stage loader.

Js, which fetches the Chrome extensions and installs them on the victim's system.

Chrolog - Steals passwords from Google Chrome by exfiltrating the database to the C2 through HTTP.

Chronodx - A loader and JS banking trojan that runs silently in the background and waits for a Chrome launch.

At this time, the Chaes campaign is still ongoing, and those who have been compromised will remain at risk even if the websites are cleaned.


News URL

https://www.bleepingcomputer.com/news/security/chaes-banking-trojan-hijacks-chrome-with-malicious-extensions/