In these recent attacks cyber criminals target victims using social media networks, specifically those individuals inside financial organizations and those who make financial transactions. These victims were then called using the phone by the attacker posing as bank employees, who then used social engineering tactics to trick the victim to install an "update" to the bank’s security module.
The victims, worried that they would lose access to their account, complied by installing a Chrome extension called Interface Online offered by Internet Security Online. The extension was available on Tuesday in the Chrome store. As it was discovered, Google took it down. This scam was first discovered in Brazil, but expect this soon in the US and Europe.
The pressure-filled phone call to the banks includes instructions on how to update the supposed security module. The victim is provided with a web address over the phone and when they click “Install,” they are redirected to the extension’s installation page, hosted in the Chrome Store. The cyber criminal keeps the victim on the line throughout the installation process and once it’s complete, has them test their access to the corporate bank account. As they enter their credentials, the data is sent to the attackers in the background.
“I’ve had the opportunity to listen to one of those calls and I must admit that they make it in a professional way,” Marinho told Threatpost.
“In my opinion, the criminals are shifting from the traditional [malicious spam] to targeted and more creative attack methods here in Brazil,” Marinho said. ‘It’s getting common to have victims reporting that they are receiving phone calls from someone pretending to be from a bank and urging the victim to do something, like installing a fake security module, this case, or asking them to type the token combination on a fake website.”
These attacks are the latest in a growing trend of fraud exploiting Chrome extensions. In the recent weeks, researchers have reported at least eight popular Chrome plugins had been hijacked and were being abused to manipulate internet traffic and serve ads in the browser.
Warn your accounting team that this is a new scam they need to watch out for. Also, ensure your company systems are managed by a professional IT service provider to monitor and maintain the network and IT systems. It is important that the provider implements comprehensive security services as part of their offering.