Trojan disguised as Google Chrome extension

The announcement that Google Chrome is now the third most widely used browser wasn’t lost on cybercriminals. They follow the crowd, and that explains the recent appearance of a bogus Google Chrome extension that purportedly enables access to documents from emails.

Malware City reports that the offer of downloading the extension comes to the users via email. If the user follows the link, he is taken to a look-alike of the Google Chrome Extensions page, where the “extension” is provided for download.

But, one obvious indication that the file is not what it supposed to be is the extension of the file – instead of .crx, the file in question sports an .exe extension:

It turns out that it’s a Trojan that messes with the Windows HOSTS file in such a way that every time the user wants to access Google and Yahoo webpages, he is redirected to malware-laden clones of the search sites.