Google Chrome is going through hard times. Google is again warning users of new high-level threats. As you might know, in September, security specialists found the 11th zero-day exploit [1] of 2021 to target the browser. Users of Windows, iOS, and Linux should be aware that they are at risk. The malicious software's name is OpenSUpdater, and it poses a threat to Chrome users.
Chrome hacked again? Ok, what’s new?
Google cybersecurity experts have noticed that malware makers are practicing a new approach to AV-protected systems. Criminals have learned to evade safeguarding software by using specially created code signatures that Windows recognizes as legitimate. This method is behind the spread of OpenSUpdater that is already considered riskware (a potentially dangerous program). What does this one do? It infiltrates browsers and installs harmful software into the host system.
Who is in the risk group?
The main motive of the group behind OpenSUpdater is monetary gain. The majority of victims of this malware are Americans who are not above downloading "cracks" and illegal software.
Infiltration secret
Neel Mehta of Google Threat Analysis Group says OpenSUpdater creators have started to sign their brainchild's executables with purposefully manufactured certificates. But what allowed the malicious software to operate freely in users' systems? The code samples of OpenSUpdater break OpenSSL parsing, which makes it impossible to decode and check their signatures. Anti-virus programs relying on OpenSSL-based detection rules could not see OpenSUpdater. That's because the hackers marked their malware with invalid signatures, which compromised the anti-virus scanning process. The absence of correct signature data, in turn, resulted in anti-malware solutions ignoring the object. You can get a glimpse into the technical depths of this vulnerability in a report by Neel Mehta.

Be advised! HowToFix.Guide features a tutorial on how to remove OpenSUpdater. If you were unlucky enough to catch one, try our recipes to get rid of this harmful software.
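The failure mode described above, where a scanner cannot parse a signature and therefore ignores the file, is avoided by failing closed. The sketch below is an added example, not code from Google's report or from any anti-virus product: a small strict DER walker plus a triage function that reports a present-but-unparseable signature as a finding. All function names and sample bytes are constructed for illustration.

```python
# Added illustration; names and sample bytes are constructed, not taken from the report.
class DerError(ValueError):
    """A blob violates one of the strict DER rules checked below."""

def walk_der(buf, start=0, end=None):
    """Walk every TLV in buf[start:end]; return the element count or raise DerError."""
    end = len(buf) if end is None else end
    pos, count = start, 0
    while pos < end:
        if end - pos < 2:
            raise DerError(f"truncated header at offset {pos}")
        tag, first = buf[pos], buf[pos + 1]
        if tag == 0x00:
            raise DerError(f"end-of-content tag in definite-length data at offset {pos}")
        if tag & 0x1F == 0x1F:
            raise DerError(f"high-tag-number form at offset {pos} (not handled here)")
        pos += 2
        if first == 0x80:
            raise DerError(f"indefinite length at offset {pos - 1}")
        if first & 0x80:  # long form: low 7 bits give the number of length bytes
            n = first & 0x7F
            if pos + n > end:
                raise DerError(f"truncated length at offset {pos}")
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        else:
            length = first
        if pos + length > end:
            raise DerError(f"length overruns its parent at offset {pos}")
        count += 1
        if tag & 0x20:  # constructed type: check the children too
            count += walk_der(buf, pos, pos + length)
        pos += length
    return count

def triage(signature_blob):
    """Fail closed: a signature that is present but unparseable is a finding."""
    if signature_blob is None:
        return "unsigned"
    try:
        walk_der(signature_blob)
    except DerError as exc:
        return f"suspicious: malformed signature ({exc})"
    return "parseable: go on to chain and digest verification"

# Constructed samples: an AlgorithmIdentifier (OID + NULL) and two damaged copies.
OID = bytes.fromhex("06092a864886f70d01010b")
GOOD = b"\x30\x0d" + OID + b"\x05\x00"
BAD_TAG = b"\x30\x0d" + OID + b"\x00\x00"  # zero tag where an element belongs
BAD_LEN = b"\x30\x0f" + OID + b"\x05\x00"  # declared length exceeds the data
```

The point for a scanning pipeline is the middle branch of `triage`: a parse error is surfaced as its own verdict instead of being folded into "unsigned" or skipped.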
References
- [1] A zero-day is a kind of hardware or software vulnerability that has been detected but not patched yet. A zero-day exploit, therefore, is malware that takes advantage of such a vulnerability.