Security News > 2022 > January > Chaes Banking Trojan Hijacks Chrome Browser with Malicious Extensions
A financially-motivated malware campaign has compromised over 800 WordPress websites to deliver a banking trojan dubbed Chaes targeting Brazilian customers of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago.
"Chaes is characterized by the multiple-stage delivery that utilizes scripting frameworks such as JScript, Python, and NodeJS, binaries written in Delphi, and malicious Google Chrome extensions," Avast researchers Anh Ho and Igor Morgenstern said.
"The ultimate goal of Chaes is to steal credentials stored in Chrome and intercept logins of popular banking websites in Brazil."
Chronodx - A JavaScript trojan that, upon detecting the launch of Chrome browser by the victim, closes it immediately and reopens its own instance of Chrome containing a malicious module that steals banking information.
Chremows - A JavaScript banking trojan that records keypresses and mouse clicks on Chrome with the goal of plundering login credentials from users of Mercado Livre and Mercado Pago.
"The Google Chrome extensions are able to steal users' credentials stored in Chrome and collect users' banking information from popular banking websites."
News URL
https://thehackernews.com/2022/01/chaes-banking-trojan-hijacks-chrome.html
Related news
- PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users (source)
- Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities (source)
- Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks (source)
- ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan (source)