SANS Infosec: Second Google Chrome Extension Banker Malware in Two Weeks

SANS Infosec: Second Google Chrome Extension Banker Malware in Two Weeks. “It seems that Google Chrome extensions have become quite the tool for banking malware fraudsters. Two weeks ago, an offender phoned a victim and asked him to install a supposedly new bank security module that, instead, was a malicious extension hosted at the Google Chrome app store aimed to steal victim’s banking credentials [1]. This week I received a report about a targeted email phishing campaign against another company with a suspicious attachment. The attachments, after the analysis detailed in today’s diary, revealed itself to be another Google Chrome extension prepared to steal banking credentials, credit card, CVV numbers and fraud ‘compensation tickets’ (a popular and particular Brazilian payment method; we call it ‘boleto’) to divert payments.”