tehƧP@ƦKly�ANK� -Ⅲ�
10-25-2015, 06:29 AM
http://www.pcworld.com/article/2994778/security/tricky-new-malware-replaces-your-entire-browser-with-a-dangerous-chrome-lookalike.html
Related Article: https://blog.malwarebytes.org/online-security/2015/10/efast-browser-hijacks-file-associations/

Apparently, based on PUP (Potentially Unwanted Program) installations (most likely third-party sites with their own installers), your Google Chrome can potentially get hijacked by malware.

Easy signs of this happening?
Chrome taking over default file associations.

This one hijacks these file-associations:


gif
htm
html
jpeg
jpg
pdf
png
shtml
webp
xht
xhtml



Naturally, most operating systems have their own picture viewers installed before you install other viewers (XNView, etc.).

It can also hijack URLs.

The same is done for these URL-associations:


ftp
http
https
irc
mailto
mms
news
nntp
sms
smsto
tel
urn
webcal


Why this matters:

As pseudonymous infosec expert SwiftOnSecurity noted, it's a testament to Chrome's security against in-browser malware that attackers are now trying to overwrite the program completely. With Windows looking like the weaker link, users will want to be extra careful when using software installers from untrusted sources.


In any case, the browser does clearly identify itself when visiting the About page from the Settings menu (chrome://chrome/).
PCRisk has detailed removal instructions (https://www.pcrisk.com/removal-guides/9480-ads-by-efast-browser#!prettyPhoto).

Just an informational post to warn those who might have fallen victim.
Always trust it when it comes to Malwarebytes!
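
To check the sign described above on a Windows machine, the following PowerShell reports which program currently handles each file type and URL scheme listed in the post. It is an added example, not part of the original post or the linked articles; the function names are hypothetical, and it assumes the standard per-user `UserChoice` registry locations, falling back to `HKEY_CLASSES_ROOT` when no per-user choice exists.

```powershell
# Added example: audit handlers for the associations listed in the post (read-only).
$extensions = 'gif','htm','html','jpeg','jpg','pdf','png','shtml','webp','xht','xhtml'
$schemes    = 'ftp','http','https','irc','mailto','mms','news','nntp','sms','smsto','tel','urn','webcal'

function Get-RegValue {
    param([string]$Key, [string]$Value = '')
    # Returns the named value ('' = the key's default value), or nothing if the key is absent.
    if (Test-Path -LiteralPath $Key) { (Get-Item -LiteralPath $Key).GetValue($Value) }
}

function Resolve-Association {
    param([ValidateSet('file','url')][string]$Kind, [string]$Name)
    if ($Kind -eq 'file') {
        $choice   = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.$Name\UserChoice"
        $fallback = Get-RegValue "Registry::HKEY_CLASSES_ROOT\.$Name"   # ProgId from the class default
    } else {
        $choice   = "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\$Name\UserChoice"
        $fallback = $Name                                               # schemes register as HKCR\<scheme>
    }
    $progId = Get-RegValue $choice 'ProgId'
    if (-not $progId) { $progId = $fallback }

    # Resolve the ProgId to the command line Windows runs for "open".
    # Store apps may have no command here; Executable is then left empty.
    $command = if ($progId) { Get-RegValue "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command" }
    $exe = if ($command -match '^\s*"([^"]+)"' -or $command -match '^\s*(\S+)') { $Matches[1] }

    [pscustomobject]@{ Kind = $Kind; Name = $Name; ProgId = $progId; Executable = $exe }
}

$report = @($extensions | ForEach-Object { Resolve-Association file $_ }) +
          @($schemes    | ForEach-Object { Resolve-Association url  $_ })

# Full listing: one row per association.
$report | Format-Table -AutoSize

# Summary: a single executable owning image/PDF types and many URL schemes
# matches the takeover pattern described in the post.
$report | Where-Object Executable | Group-Object Executable |
    Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'Associations'; e = { $_.Group.Name -join ',' } } |
    Format-Table -AutoSize -Wrap
```

Compare the executable paths in the summary with the install location of the browser you actually installed; an unfamiliar path that owns most of both lists is worth following up with the removal guide linked above.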