New malware disguises itself as a Google Chrome clone and spams the user with popups and ads
Google Chrome may be the most popular web browser in the world, but it sure has a downside to being so.
A new malware has been spotted on the internet, which disguises itself as a Google Chrome clone and spams the user with popups and ads.
Malwarebytes reports that this PUP (Potentially Unwanted Program) is called eFlash browser, and it is not exactly a regular browser hijack. It actually installs a new browser on the user’s PC. It replaces Google Chrome’s icons with lookalikes which it creates, and also sets itself as the default handler of some file extensions and URLs, and also as the default browser.
The PUP also places some web shortcuts on your desktop, all of which are for popular websites, and all of these are open with the eFlash browser. So by doing all this, it ensures that it gets every chance to run whenever it can.
The fake Chrome browser also contains another .EXE file, which runs and is visible from the Task Manager, under the name predm.exe. You can just see the VirusTotal report (a multi antivirus scanning service owned by Google) of the that file, to know that it is indeed a malicious one.
What is astonishing is that the browser is built using Google’s Chromium as a source, so it looks exactly like Google Chrome. The hackers obviously did so to trick the user into thinking they are using the original Google Chrome.
So, how do you know your Chrome browser is the real one, and not the malicious eFlash browser. Simple, all you need is to open the following local URL, which will display the browser version.
Obvious other ways to spot the presence of eFlash is from the list of installed apps, which will display the PUP as one of the items of the PC, and also the default app handlers of Windows.
Even if you have it on your PC, don’t worry, as it is not really that hard to get rid of the malicious eFlash browser. A simple and staright forward solution would be to run a scan with a good malware removal program like the free Malwarebytes AntiMalware app. It is worth noting that for this to work, you need to have the PUP detections are enabled to “Treat detections as malware”, under the Settings of the app. You can find more details about this at the Malwarebytes security forums.