Chrome OpenSUpdater Threat Revealed

New Chrome threat detected
Written by Wilbur Woodham

Google Chrome is going through hard times. Google is again warning users of new high-level threats. As you might know, in September security specialists found the 11th zero-day exploit [1] of 2021 to target the browser. Users of Windows, iOS, and Linux should be aware that they are at risk. The malicious software's name is OpenSUpdater, and it poses a threat to Chrome users.

Chrome hacked again? OK, what's new?

Google cybersecurity experts have noticed that malware makers are using a new approach against AV-protected systems. Criminals have learned to evade protective software by using specially crafted code signatures that Windows recognizes as legitimate. This method is behind the spread of OpenSUpdater, which is already considered riskware (a potentially dangerous program). What does it do? It infiltrates browsers and installs harmful software on the host system.

Who is in the risk group?

The main motive of the group behind OpenSUpdater is monetary gain. The majority of victims of this malware are Americans who are not above downloading "cracks" and illegal software.

Infiltration secret

Neel Mehta is an information security expert at Google. Image via swipetounlock.com

Neel Mehta of Google Threat Analysis Group says OpenSUpdater's creators have started to sign their executables with purposefully manufactured certificates. But what allowed the malicious software to operate freely on users' systems? The OpenSUpdater samples carry signatures that break OpenSSL parsing, so the signatures cannot be decoded or checked. Anti-virus programs whose detection rules rely on OpenSSL could not see OpenSUpdater: the attackers marked their malware with invalid signatures, which compromised the anti-virus scanning process. With no correct signature data available, anti-malware solutions ended up ignoring the object. You can get a glimpse into the technical depths of this vulnerability in a report by Neel Mehta.
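A defensive take on the parsing gap described above, as an added example that is not code from Google's report or from any scanner: a strict DER walk that reports a signature blob it cannot accept as its own verdict instead of treating it as missing data. The malformation in the constructed sample (an end-of-content marker where the NULL parameters of a signature algorithm belong) follows Google's published description of these samples; the function names and byte strings are assumptions made for illustration.

```python
# Added example: checks a subset of DER rules; single-byte tags only,
# which is enough for X.509 / PKCS#7 structures. All bytes are constructed.

def der_violations(data, offset=0, end=None, path="root"):
    """Walk TLVs in data[offset:end] and return a list of DER violations."""
    end = len(data) if end is None else end
    found = []
    while offset < end:
        if end - offset < 2:
            found.append(f"{path}: truncated header at byte {offset}")
            break
        tag, first = data[offset], data[offset + 1]
        pos = offset + 2
        if first == 0x80:  # indefinite length is BER only, never DER
            found.append(f"{path}: indefinite length at byte {offset}")
            break
        if first & 0x80:  # long form: low 7 bits count the length bytes
            n = first & 0x7F
            if pos + n > end:
                found.append(f"{path}: truncated length at byte {offset}")
                break
            length = int.from_bytes(data[pos:pos + n], "big")
            pos += n
        else:
            length = first
        if tag == 0x00 and length == 0:  # EOC only closes indefinite lengths
            found.append(f"{path}: end-of-content marker at byte {offset}")
        if pos + length > end:
            found.append(f"{path}: value overruns parent at byte {offset}")
            break
        if tag & 0x20:  # constructed type: check the children too
            child = f"{path}/{tag:#04x}@{offset}"
            found += der_violations(data, pos, pos + length, child)
        offset = pos + length
    return found

def triage(blob):
    """Report an unparseable signature as its own verdict, never as 'unsigned'."""
    problems = der_violations(blob)
    return ("malformed-signature" if problems else "parseable", problems)

# Constructed AlgorithmIdentifier (sha256WithRSAEncryption), 13 content bytes.
OID = bytes.fromhex("06092a864886f70d01010b")
GOOD = bytes([0x30, 0x0D]) + OID + bytes([0x05, 0x00])  # parameters = NULL
BAD = bytes([0x30, 0x0D]) + OID + bytes([0x00, 0x00])   # parameters = EOC

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("bad", BAD)):
        print(name, triage(blob))
```

A scanner that maps the "malformed-signature" verdict to a detection signal, rather than skipping the file, closes the gap where a signature Windows accepts yields no data for the rules to match.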

Be advised! HowToFix.Guide features a tutorial on how to remove OpenSUpdater. If you were unlucky enough to catch one, try our recipes to get rid of this harmful software.


References

  1. A zero-day is a kind of hardware or software vulnerability that has been detected but not patched yet. A zero-day exploit, therefore, is malware that takes advantage of such a vulnerability.

About the author

Wilbur Woodham

I was a technical writer from early in my career, and consider IT Security one of my foundational skills. I’m sharing my experience here, and I hope you find it useful.
