If you've ever used Google Chrome to search for free films, TV shows or premium boxsets on the web then be warned. Scammers are using the lure of watching content online - and without a subscription - to infect Google's hugely popular web browser with a nasty bug that can hijack internet searches and push users to fake sites that are loaded with money-making adverts.
That's according to a new report from HP Wolf Security who say threat actors are hijacking users’ Chrome browsers if they try to download popular movies or video games from pirating websites.
This tactic can be hugely rewarding for cyber crooks especially as this latest attack is highly persistent with it able to re-launch itself every 50 minutes. Scammers are distributing their vicious payload via a Chromeloader extension called Shampoo which they ask unsuspecting users to install when they try and watch videos online.
Once added to Chrome, it can then redirect the victim’s search queries to malicious websites, or pages.
To make matters worse, getting riding of the bug isn't as easy as simply deleting the extension with it using a sneaky tactic to hide and reload things once a user tries to remove it.
If you think you may have accidentally installed this bug here's the latest advice from HP Wolf Security.
• Remove any scheduled tasks prefixed with "chrome_".
• Legitimate Chrome scheduled tasks are normally prefixed with " Google ".
• Delete the registry key "HKCU\Software\Mirage Utilities\".
• Then reboot the computer.
Along with that nasty Shampoo extension, HP Wolf Security is also urging all Chrome users to watch out for fake OneNote documents.
Cyber attackers are taking advantage of these popular files to embed malicious software behind fake “click here” icons.
Once tapped it's able to execute malware to give attackers full access to the users’ machine – this can then be sold on to other cybercriminal groups and ransomware gangs.
Explaining more about these latest and pretty terrifying threats, Patrick Schläpfer, Malware Analyst at the HP Wolf Security threat research team, HP Inc, said: “To protect against the latest threats, we advise that users and businesses avoid downloading materials from untrusted sites, particularly pirating sites.
"Employees should be wary of suspicious internal documents and check with the sender before opening. Organizations should also configure email gateway and security tool policies to block OneNote files from unknown external sources."
Google also has advice for Chrome users with the technology giant saying that if you're seeing some of these problems with Chrome, you might have unwanted software or malware installed on your computer:
• Pop-up ads and new tabs that won't go away
• Your Chrome homepage or search engine keeps changing without your permission
• Unwanted Chrome extensions or toolbars keep coming back
• Your browsing is hijacked and redirects to unfamiliar pages or ads
• Alerts about a virus or an infected device
In the future, avoid unwanted software by only downloading files or visiting sites that you know are secure.
