A malicious Chrome extension is spreading, and it's capable of stealing everything typed inside a browser window. Here's what to look out for before it spreads.
Catch-All spreads by telling the recipient that someone has sent them photos through WhatsApp. When the victim clicks on a link to the photos they're instead prompted to download WhatsApp.exe, which is actually an installer for the Catch-All extension.

Capable of capturing everything a victim types into an infected Chrome browser, Catch-All is spreading through email phishing attacks. It has the potential to do a lot of damage if it spreads.
The installer masquerades as an Adobe Acrobat installer, which actually installs a dropper, which in turn downloads incredibly bloated binaries that are about 200MB each. Only about 3% of the binaries contain actual code—the rest are just no-op code that is there to trick antivirus software, which often skips scanning large files.
As a final step, the malware installer attempts to disable Windows Firewall and terminate all Chrome processes. It then modifies any Chrome launcher file to ensure that Catch-All is loaded when the browser is started up.
It also tweaks Chrome to disable user approval for script injection, permanently allow all extensions, and disable SafeBrowsing protections.
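A defender can look for this kind of launcher tampering by auditing Chrome launch command lines taken from shortcut targets or process-creation logs. The following is an added example, not code from the original warning: the switch watch list is an assumption (real Chrome switches chosen to match the behaviours described above, not a confirmed list of what Catch-All sets), and the sample command lines are constructed.

```python
import re

# Assumed watch list (not taken from the page): real Chrome switches that
# correspond to the behaviours described in the warning.
WATCHED_SWITCHES = {
    "--load-extension": "loads an unpacked extension at startup",
    "--disable-extensions-file-access-check":
        "skips user opt-in for extension script injection into file URLs",
    "--safebrowsing-disable-download-protection":
        "turns off Safe Browsing download protection",
}

EXE_RE = re.compile(r'^\s*("[^"]+"|\S+)')          # first token, quoted or bare
SWITCH_RE = re.compile(r'(?<!\S)(--[A-Za-z0-9-]+)(?:=("[^"]*"|\S+))?')


def audit_chrome_launch(cmdline):
    """Return [(switch, value, reason)] for watched switches on a chrome.exe launch."""
    exe = EXE_RE.match(cmdline)
    if not exe:
        return []
    image = re.split(r"[\\/]", exe.group(1).strip('"'))[-1].lower()
    if image != "chrome.exe":
        return []  # some other program; its switches mean something else
    findings = []
    for m in SWITCH_RE.finditer(cmdline):
        switch = m.group(1).lower()
        if switch in WATCHED_SWITCHES:
            value = (m.group(2) or "").strip('"')
            findings.append((switch, value, WATCHED_SWITCHES[switch]))
    return findings


# Constructed sample launch lines (illustrative paths, not real indicators).
CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
SAMPLE_LAUNCHES = [
    CHROME + r" --profile-directory=Default",
    CHROME + r' --load-extension="C:\Users\Public\ext dir"'
             r" --disable-extensions-file-access-check",
    r"C:\Windows\notepad.exe --load-extension=C:\x",
]

if __name__ == "__main__":
    for line in SAMPLE_LAUNCHES:
        for switch, value, reason in audit_chrome_launch(line):
            print(f"ALERT {switch} {value!r}: {reason}")
```

Any hit on a user's everyday Chrome shortcut deserves a look at the extension directory it points to; developers who load unpacked extensions on purpose will trigger it too.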
Once installed, Catch-All goes to work harvesting every single thing a victim types into Chrome. It saves it to a file and transmits stolen data to a command and control server—information like usernames, passwords, credit card numbers ... anything you type in your browser.
As with all phishing-based attacks, the key to being protected lies in not clicking the link. So be sure to:
• Enable a server-side email scanning solution, if possible. By identifying and removing malicious messages before users get them, you could be preventing a lot of headaches.
• Be sure antivirus definitions are up to date on all your PCs, etc.
• Be sure Chrome and other browsers are kept up to date.
• Put good web filters in place that prevent users from opening suspicious URLs.
• Disable URLs in email messages—if it can't be clicked it's not a risk.

Thank you to Terry Hawker for this warning. Yes, it has been seen here in Tauranga.