Watch out! They may be stealing your bank details with Chrome

Many of the security threats that we face every day can come through the browser. It is in fact a very common entry route for hackers. In this article we report on the Chaes banking trojan, which attacks Chrome and is capable of stealing bank details. We are going to explain how it works and what we can do to stay protected at all times.

New Trojan that steals bank details in Chrome

This is a large-scale campaign that takes advantage of hundreds of vulnerable WordPress websites. This allows the attackers to spread banking Trojans and target victims' credentials, so they can take control of the accounts through the browser itself.

Specifically, we are talking about the Chaes Trojan, which according to Avast has been present since the end of 2021. It is capable of using malicious scripts on hundreds of compromised websites. But how do we get infected with this malware? This happens when entering a website that has been previously attacked. A pop-up window appears telling us to install the Java Runtime application. It is actually a bogus program.

This setup program contains a total of three malicious JavaScript files, which are in charge of executing different tasks to start the attack. They basically prepare the ground to later steal the information through the browser. One of the execution steps of this Trojan is to install fraudulent extensions in Chrome and thus steal banking credentials.

As indicated by Avast, in total they have detected five fake extensions related to this Trojan. The problem is that, even if the attacked websites become safe again, victims who have previously been infected will continue to use these extensions and must take additional measures.

How to avoid these attacks

So what can we do to be protected? The first and most important thing is to be careful when installing any plugin. In this case, we have seen that it is a supposed Java Runtime application that we are invited to install when entering web pages that have been previously attacked. We should never install this type of software through any link we find, as it can be a scam. Among other things, you can enable DNS over HTTPS in Chrome.

The next thing is to keep track at all times of which extensions we have installed. We have seen that this attack is based on installing add-ons in Chrome and from there being able to steal credentials and passwords. You can periodically check what extensions there are and, if you see any strange ones that you have not installed, delete them immediately.
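One way to script the periodic extension check described above, as an added example that is not part of the original article: it reads each `manifest.json` under a Chrome profile's `Extensions` folder and reports every extension missing from an allowlist you maintain. The allowlist, the set of permissions flagged for review and the sample profile built in `demo()` are assumptions constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

EXT_ID = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs are 32 letters a-p
SENSITIVE = {"<all_urls>", "cookies", "debugger", "tabs", "webRequest"}  # illustrative set

def audit_extensions(profile_dir, allowlist):
    """List every extension under <profile>/Extensions with its review flags."""
    findings = []
    for manifest in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        if not EXT_ID.match(ext_id):
            continue
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = None
        if not isinstance(data, dict):
            data = {}  # unreadable or malformed manifest: still report the extension
        perms = {p for key in ("permissions", "host_permissions")
                 for p in (data.get(key) or []) if isinstance(p, str)}
        findings.append({
            "id": ext_id,
            "name": data.get("name", "<unreadable manifest>"),
            "version": manifest.parent.name,
            "sensitive": sorted(p for p in perms if p in SENSITIVE or "://*/" in p),
            "known": ext_id in allowlist,
        })
    return findings

def unknown_extensions(profile_dir, allowlist):
    return [f for f in audit_extensions(profile_dir, allowlist) if not f["known"]]

def demo():
    """Run the audit over a constructed profile (IDs and names are made up)."""
    known_id, odd_id = "a" * 32, "b" * 32
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, name, perms in ((known_id, "Sample Ad Filter", ["storage"]),
                                    (odd_id, "Sample Helper", ["cookies", "*://*/*"])):
            vdir = Path(tmp, "Extensions", ext_id, "1.0_0")
            vdir.mkdir(parents=True)
            (vdir / "manifest.json").write_text(json.dumps(
                {"name": name, "version": "1.0", "permissions": perms}))
        return unknown_extensions(tmp, {known_id})

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `unknown_extensions` at the real profile folder (on Windows, by default `%LOCALAPPDATA%\Google\Chrome\User Data\Default`). Unpacked extensions loaded from another folder are not copied into `Extensions`, so `chrome://extensions` remains the authoritative list.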

It will also be essential to keep the system properly updated, and here we must include the browser. It is essential to fix any vulnerabilities that may exist, for example a security flaw that affects the browser and allows an intruder to execute code or install plugins.

On the other hand, it is equally essential to always have a good antivirus. It does not matter what operating system we have installed, since any of them can become vulnerable. This will help us remove any viruses or malware in general that we may download by mistake and that could lead to data theft.
