Proofpoint security researchers have disclosed a new malware exploit kit campaign that specifically targets Google Chrome users running Windows-based computers.
The campaign was first detected last month, on December 10, 2016. The malware is based on the EITest chain.
“EITest” is a catalogued infection chain that depends on and strikes through compromised websites. The malware redirects users to exploit landing pages. EITest has been involved in information stealing, ransomware and many other malware attacks.
EITest is best known for its longevity, as it is believed to date back to 2014.
- Step 1: Victim host views a compromised website with malicious injected script.
- Step 2: The injected script generates an HTTP request for an EK landing page.
- Step 3: The EK landing page determines if the computer has any vulnerable browser-based applications.
- Step 4: The EK sends an exploit for any vulnerable applications (for example, out-of-date versions of Internet Explorer or Flash player).
- Step 5: If the exploit is successful, the EK sends a payload and executes it as a background process.
- Step 6: The victim’s host is infected by the malware payload.
The pop-up in the Chrome tab comes with Google Chrome’s logo and button styles, which makes the exploit look more legitimate.
This allows the malware to download and install a file that appears as Chrome_Font.exe, which is labelled “Fleercivet” by Microsoft.
According to Proofpoint, the scheme works like this:
The infection is straightforward: if the victim meets the criteria – targeted country, correct User-Agent (Chrome on Windows) and proper referer – the script is inserted in the page and rewrites the compromised website on a potential victim’s browser to make the page unreadable, creating a fake issue for the user to resolve.
The ad fraud malware (Trojan.Fleercivet) depends on the user clicking and installing it, which makes it hard for the hackers to get any conversions or install malware with this exploit kit, yet they keep attempting to devise new strategies to trick users into installing malware.
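A detection sketch for the download step described above, added here as an example and not taken from Proofpoint or the original post: it scans web proxy records for executables whose file name imitates a Chrome font installer and rates a hit higher when the request matches the targeting the page describes (Chrome on Windows, with a referer). The log layout, the file-name variants, the hosts and the sample records are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# File-name pattern built from the page's Chrome_Font.exe (variants are an assumption).
LURE_NAME = re.compile(r"chrome[\s_.-]*font.*\.exe$", re.I)

def is_chrome_on_windows(ua):
    """Desktop Chrome on Windows; Edge and Opera also send 'Chrome/', so exclude them."""
    return ("Windows NT" in ua and "Chrome/" in ua
            and not re.search(r"\b(Edge|Edg|OPR)/", ua))

def lure_downloads(log_text):
    """Return one finding per request whose file name imitates a Chrome font installer."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5:              # skip blank or malformed records
            continue
        ts, client, url, referer, ua = fields
        parts = urlsplit(url)
        # Decode the path so Chrome%20Font.exe matches; the query string is ignored.
        filename = unquote(parts.path).rsplit("/", 1)[-1]
        if not LURE_NAME.search(filename):
            continue
        # The page's targeting: Chrome on Windows arriving with a referer.
        targeted = is_chrome_on_windows(ua) and referer != "-"
        findings.append({"ts": ts, "client": client, "host": parts.hostname,
                         "file": filename, "confidence": "high" if targeted else "review"})
    return findings

# Constructed sample records: time, client, URL, referer, User-Agent (tab-separated).
CHROME = ("Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36")
FIREFOX = "Mozilla/5.0 (Windows NT 6.1; rv:50.0) Gecko/20100101 Firefox/50.0"
EDGE = CHROME + " Edge/14.14393"
SAMPLE_LOG = "\n".join("\t".join(r) for r in [
    ("2017-01-17T10:02:11Z", "10.0.0.21", "http://cdn.example.net/dl/Chrome_Font.exe",
     "http://blog.example.org/post", CHROME),
    ("2017-01-17T10:05:40Z", "10.0.0.34", "http://files.example.net/Chrome%20Font.exe?id=3",
     "http://shop.example.org/", CHROME),
    ("2017-01-17T10:07:02Z", "10.0.0.40", "http://cdn.example.net/chrome-font.exe", "-", FIREFOX),
    ("2017-01-17T10:09:15Z", "10.0.0.21", "http://dl.example.com/ChromeSetup.exe", "-", CHROME),
    ("2017-01-17T10:11:30Z", "10.0.0.55", "http://cdn.example.net/Chrome_Font.exe",
     "http://blog.example.org/post", EDGE),
])

if __name__ == "__main__":
    for f in lure_downloads(SAMPLE_LOG):
        print(f["confidence"], f["client"], f["host"], f["file"])
```

Hits rated "review" carry the lure file name but do not match the described targeting, so they are kept for an analyst rather than dropped.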