Security News > 2022 > January > Chaes banking trojan hijacks Chrome with malicious extensions
A large-scale campaign involving over 800 compromised WordPress websites is spreading banking trojans that target the credentials of Brazilian e-banking users.
Although the security firm notified the Brazilian CERT, the campaign is ongoing, with hundreds of websites still compromised with malicious scripts that push the malware.
The MSI installer contains three malicious JavaScript files that prepare the Python environment for the next stage loader.
Js, which fetches the Chrome extensions and installs them on the victim's system.
Chrolog - Steals passwords from Google Chrome by exfiltrating the database to the C2 through HTTP. Chronodx - A loader and JS banking trojan that runs silently in the background and waits for a Chrome launch.
At this time, the Chaes campaign is still ongoing, and those who have been compromised will remain at risk even if the websites are cleaned.
News URL
Related news
- New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics (source)
- PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users (source)
- Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities (source)
- ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan (source)