The Internet can be a very dangerous place if you are not familiar with its more subtle workings. Case in point: a piece of malware that masquerades as a Chrome installer. The impersonator steals sensitive data such as banking information while stripping out software that is meant to protect online banking transactions. Right now, the trojan seems to target users who reside in Brazil and Peru, although there is no guarantee that the rest of the world remains unaffected. According to Trend Micro researchers, the culprit is a malicious file known as ChromeSetup.exe that is hosted on domains like Facebook, MSN, Globo.com, Terra.com and Google, the majority of which appear to have connections to Brazil, with .br or br. appearing in the URLs.
After it is downloaded, the malware sends the infected machine’s IP address and operating system to a command-and-control (C&C) server. Once that is accomplished, each time a user tries to access a legitimate bank site, the Trojan TSPY_BANKER.EUIQ intercepts the page request, shows a “Loading system security” dialog box, and redirects the user to a fake banking website in a slick manner.