starbuck Posted October 20, 2015 Posted October 20, 2015 eFast browser poses as Chrome but inserts unwanted ads There's a modified Google Chrome clone going around the Internet that's being used by attackers to show users unwanted ads and redirect them to other malware infection points. The browser in question is named eFast, and according to security researchers at PCRisk and Malwarebytes, it infects user PCs after being installed alongside other applications. This PUP (Potentially Unwanted Application) is based on the Chromium open source browser, the very same code on which Google Chrome is also built. The shared codebase allows the browser to easily pass as the real deal, and successfully fool users into thinking they're actually using Chrome. During eFast's installation, the browser takes special care to remove any Google Chrome shortcuts, and replaces them with its own, using an icon specifically designed to look like Chrome's, but slightly different. Furthermore, additional shortcuts for popular sites like YouTube, Amazon, Facebook, Wikipedia, and Hotmail are all placed on the desktop, all primed to open inside an eFast browser. eFast hijacks file and URL associations on infected systems Malwarebytes has also observed the browser alters OS settings, eFast changing default file associations and URL types, so whenever the user clicked any HTML, GIF, or JPEG document inside their operating system, eFast would be used instead of the previously set application. At the moment of writing this article, researchers have detected eFast placing itself as the default application for the following file types: HTM, HTML, SHTML, XHTML, XHT, WEBP, PNG, JPG, JPEG, GIF, and PDF. Additionally, URLs with the following protocols were also opened by default in eFast: HTTP, HTTPS, FTP, IRC, MAILTO, MMS, SMS, SMSTO, TEL, NEWS, NNTP, URN, and WEBCAL. eFast is being used to deliver adware and ads to users Once the user was convinced (tricked) to use eFast, the browser's malware code injects ads inside their normal Web pages, and even redirect them to sites where other malware is being served. Besides this, during the eFast installation, the predm.exe file was also placed inside the user's Program Files folder, file that is currently detected as infected by 44 antivirus engines on VirusTotal. Both PCRisk and Malwarebytes provide instructions on how to remove eFast from infected computers. Source: http://news.softpedia.com/news/malware-disguises-as-a-google-chrome-browser-clone-494906.shtml Quote
FPCH Admin allheart55 Cindy E Posted October 21, 2015 FPCH Admin Posted October 21, 2015 Thanks, Pete! This one I hadn't heard of yet. Quote ~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~ ~~Robert McCloskey~~
Recommended Posts