|12 Oct 2013||#1|
| || |
Redirect hides browser extension
While analyzing a malicious Chrome browser extension we recently came across a Virtool that tries to redirect the Chrome Extension page.
We detect it as VirTool:JS/Redichrextor.A.
VirTool:JS/Redichrextor.A won’t let you view, change, remove or uninstall Chrome browser extensions. It does this by stopping you from viewing the Chrome Extension page.
It uses this technique so an affected user won’t be able to remove or uninstall the malicious extension without help from their antimalware software. This makes VirTool:JS/Redichrextor.A a useful piece of code for any malicious Chrome browser extension that wants to avoid manual detection or removal.
When an affected user does try to view the Chrome browser extension page they are redirected. We have seen it open a new tab, or go to the Chrome web store or Google.com:
•Chrome://newtabWe have also seen similar behaviour used by the following known malicious Chrome browser extensions:
•Trojan:JS/KilimOnce VirTool:JS/Redichrextor.A is detected and removed, you should be able to go to the Chrome extension page.
We recommend you then check and uninstall any suspicious browser extension that might be linked to VirTool:JS/Redichrex.A or other malware. We also recommend keeping your security products up-to-date to avoid infection.
While this new trick makes it harder to remove the Virtool manually, it is still easily detected and removed by Microsoft Security software.
Jonathan San Jose
|My System Specs|
|Similar help and support threads for2: Redirect hides browser extension|
|Google undeletes RSS extension for Chrome browser||News|
|Task switcher hides behind windows||General Discussion|
|Chrome Extension Idea - Extension Bar||Browsers & Mail|
|What Hides the Wiring?||PC Custom Builds and Overclocking|
|Microsoft hides mystery Firefox extension in toolbar update||News|
|Our Sites ||Site Links ||About Us ||Find Us |
© Designer Media Ltd
All times are GMT -5. The time now is 01:00 AM.