Published on February 6th, 2015 📆 | 2625 Views ⚑


Fake ‘Google Chrome update’ notification leads users to CTB Locker/Critroni Ransomware

Security Researcher at Malwarebytes have discovered a new wave of malware attacks involving CTB Locker/Critroni Ransomware which targets the user through fake email notifications claiming to be come from Google Chrome security team and asking the users to click on the link.

The fake Google email asks the potential victim to update his/her Google Chrome, which the email claims, has become outdated and insecure.
“Your version of Google Chrome is potentially vulnerable and out of date”.
Google Chrome update Spam leads to CTB Locker/Critroni Ransomware

The executable file pretending to be the Chrome Update is not attached with the mail itself but following the link from the mail leads to one of the several compromised websites hosting the malware laden files.

[adsense size='1']

Google Chrome update Spam leads to CTB Locker/Critroni Ransomware

The file named as “ChromeSetup.exe” is not a Chrome Update but a Ransomware variant, CTB Locker/Critroni Ransomware. which when executed/installed locks and encrypts all the files on the victims computer and changes the desktop background image which reads that, your personal files are encrypted by CTB Locker, asking the victim to pay a ransom of 2 BTC (about 500USD) to a Bitcoin Wallet address given on the desktop, to get his/her file decrypted else he/she will lose their files permanently.

Malwarebytes says, it is possible to remove the malware which is detected as Trojan.ZBAgent.NS by Malwarebytes Anti-Malware however it is difficult to restore the encrypted files.

While these kinds of emails automatically gets marked as Spam by most big email providers Gmail, Microsoft and Yahoo, but sometimes they manage to give the email spam filters a slip and make their way to main inbox folder.

[adsense size='1']

While such an email may evoke suspicions immediately to a seasoned and tech savvy user,  users with less knowledge of infosec may deem it be a real mail from Google Chrome security team and this is what the handlers/authors of this malware hope to achieve.

Tagged with:

Comments are closed.