A newly discovered Trojan named Mutahaba impersonates Google Chrome under the name Outfire. All Internet users should be careful when browsing the Web, as attack campaigns distributing Mutahaba have already started.
Mutahaba Has Started to Target Computer Users
The Mutahaba Trojan is one of the latest threats that impersonate legitimate software to conceal themselves. The malware is disguised as a Google Chrome download and is installed on the target system via a dropper, an installation file that poses as a well-known software application. Such droppers are reached through malicious links on web sites and in spam emails.
When the dropper is executed, it contacts a remote C&C server, which transfers the Mutahaba Trojan. Finally, the dropper itself is removed from the system. The malware registers itself in the Windows Registry and launches several system services. Several processes are launched to load and install the latest version of the Trojan.
The Outfire browser, which poses as Google Chrome and contains the malware, tampers with the legitimate browser already installed on the system by removing or creating its shortcuts, and it imports the existing user information.
When the installation is complete, the counterfeit browser displays a malicious home page that cannot be changed through the settings menu. It also has a fixed extension that uses its own search engine and delivers advertising set by the malware creators.
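Because the counterfeit browser replaces or adds Chrome shortcuts, one defensive check is to list every shortcut that claims to be Chrome and verify what it actually launches. The PowerShell script below is an added example, not part of the original report; it assumes that a genuine Chrome binary carries a valid Authenticode signature whose subject names Google as the organization, and the folders searched are a common set rather than locations named by the report.

```powershell
# Added example: audit shortcuts that claim to be Google Chrome.
# Assumption: a genuine Chrome binary has a valid Authenticode signature
# whose certificate subject names Google as the organization.

# Common shortcut locations for the current user and for all users.
$roots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell

Get-ChildItem -Path $roots -Filter '*.lnk' -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName -match 'Chrome' } |
    ForEach-Object {
        $lnk    = $shell.CreateShortcut($_.FullName)
        $target = $lnk.TargetPath
        $status = 'TargetMissing'
        $signer = $null

        if ($target -and (Test-Path -LiteralPath $target)) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $target
            $status = [string]$sig.Status
            if ($sig.SignerCertificate) {
                $signer = $sig.SignerCertificate.Subject
            }
        }

        [pscustomobject]@{
            Shortcut   = $_.FullName
            Target     = $target
            # Extra arguments on a browser shortcut deserve a manual look.
            Arguments  = $lnk.Arguments
            Signature  = $status
            Signer     = $signer
            # Flag anything not validly signed by Google.
            Suspicious = -not ($status -eq 'Valid' -and
                               $signer -match 'O=Google (LLC|Inc)')
        }
    } |
    Sort-Object Suspicious -Descending |
    Format-List
```

A shortcut flagged as suspicious is a lead for investigation, not proof of infection: a missing target or an unsigned portable build will also be flagged.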
There are two major differences that make Mutahaba unique – it removes other counterfeit browsers on the target system and uses the recently discovered Windows UAC vulnerability.
So far no remote access features have been indicated, but the criminals may be able to gain information from the target machines if they can upload the account information and browsing history imported from the legitimate Google Chrome browser. Security experts indicate that a massive attack campaign with the Mutahaba payload may be upcoming.