In these recent attacks cyber criminals target victims using social media networks, specifically those individuals inside financial organizations and those who make financial transactions. These victims were then called using the phone by the attacker posing as bank employees, who then used social engineering tactics to trick the victim to install an "update" to the bank’s security module.
The victims, worried that they would lose access to their account, complied by installing a Chrome extension called Interface Online offered by Internet Security Online. The extension was available on Tuesday in the Chrome store. As it was discovered, Google took it down. This scam was first discovered in Brazil, but expect this soon in the US and Europe.
The pressure-filled phone call to the banks includes instructions on how to update the supposed security module. The victim is provided with a web address over the phone and when they click “Install,” they are redirected to the extension’s installation page, hosted in the Chrome Store. The cyber criminal keeps the victim on the line throughout the installation process and once it’s complete, has them test their access to the corporate bank account. As they enter their credentials, the data is sent to the attackers in the background.
“I’ve had the opportunity to listen to one of those calls and I must admit that they make it in a professional way,” Marinho told Threatpost.
“In my opinion, the criminals are shifting from the traditional [malicious spam] to targeted and more creative attack methods here in Brazil,” Marinho said. ‘It’s getting common to have victims reporting that they are receiving phone calls from someone pretending to be from a bank and urging the victim to do something, like installing a fake security module, this case, or asking them to type the token combination on a fake website.”
These attacks are the latest in a growing trend of fraud exploiting Chrome extensions. In the recent weeks, researchers have reported at least eight popular Chrome plugins had been hijacked and were being abused to manipulate internet traffic and serve ads in the browser.
Warn your accounting team that this is a new scam they need to watch out for. Also, ensure your company systems are managed by a professional IT service provider to monitor and maintain the network and IT systems. It is important that the provider implements comprehensive security services as part of their offering.
Reference: https://isc.sans.edu/forums/diary/BankerGoogleChromeExtensiontargetingBrazil/22722/
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://blog.knowbe4.com/criminals-use-social-engineering-to-make-victims-install-malicious-chrome-extensions
nice post keep like that
follow me if you want : https://steemit.com/@malachai
and read my new post : https://steemit.com/life/@malachai/10-things-i-want-to-do-before-i-die-funny-moment
Congratulations @geekasso! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here
If you no longer want to receive notifications, reply to this comment with the word
STOPCongratulations @geekasso! You have received a personal award!
Click on the badge to view your Board of Honor.
Congratulations @geekasso! You received a personal award!
You can view your badges on your Steem Board and compare to others on the Steem Ranking
Vote for @Steemitboard as a witness to get one more award and increased upvotes!