Bank-fraud malware not detected by any AV hosted in Chrome Web Store. Extension that surreptitiously steals bank passwords uploaded twice in
17 days.By Dan Goodin
A researcher has uncovered an elaborate bank-fraud scam that's using a malicious extension in Google's Chrome Web Store to steal targets' passwords.
Once installed, the Interface Online extension, uploaded at least twice in the past 17 days, surreptitiously monitors all connections made with the Chrome browser. When users visit specific pages programmed into the code, the extension activates a JavaScript routine that logs the user name and password entered into the form. The extension then uploads them to a server controlled by the attackers. This entry in the Google-owned Virus Total service reports the extension was not detected by any of the 58 most widely used anti-malware products at the time this post was going live.
This is a social-engineering attack as much as it is a trojan horse. The article doesn't make clear if the Chrome app would run on cell phones, so I'm approving it.
Bill Horne Moderator