Security News > 2022 > January > Chaes Banking Trojan Hijacks Chrome Browser with Malicious Extensions

Chaes Banking Trojan Hijacks Chrome Browser with Malicious Extensions
2022-01-27 04:37

A financially-motivated malware campaign has compromised over 800 WordPress websites to deliver a banking trojan dubbed Chaes targeting Brazilian customers of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago.

"Chaes is characterized by the multiple-stage delivery that utilizes scripting frameworks such as JScript, Python, and NodeJS, binaries written in Delphi, and malicious Google Chrome extensions," Avast researchers Anh Ho and Igor Morgenstern said.

"The ultimate goal of Chaes is to steal credentials stored in Chrome and intercept logins of popular banking websites in Brazil."

Chronodx - A JavaScript trojan that, upon detecting the launch of Chrome browser by the victim, closes it immediately and reopens its own instance of Chrome containing a malicious module that steals banking information.

Chremows - A JavaScript banking trojan that records keypresses and mouse clicks on Chrome with the goal of plundering login credentials from users of Mercado Livre and Mercado Pago.

"The Google Chrome extensions are able to steal users' credentials stored in Chrome and collect users' banking information from popular banking websites."


News URL

https://thehackernews.com/2022/01/chaes-banking-trojan-hijacks-chrome.html