JS/Chromex.FBook [Threat Name] go to Threat

JS/Chromex.FBook.A [Threat Variant Name]

Category trojan
Size 248463 B
Detection created Mar 19, 2013
Signature database version 8136
Short description

JS/Chromex.FBook.A is a trojan that posts messages to user profiles on social networks. The trojan is a malicious Google Chrome extension/plugin.

Installation

The trojan creates the following files:

  • %localappdata%\­Google\­Chrome\­User Data\­Default\­User StyleSheets\­Custom.css (63 B)
  • %localappdata%\­Google\­Chrome\­User Data\­Default\­Extensions\­%variable%\­3.38_0\­background.js (2149 B)
  • %localappdata%\­Google\­Chrome\­User Data\­Default\­Extensions\­%variable%\­3.38_0\­icon128.jpg (7902  B)
  • %localappdata%\­Google\­Chrome\­User Data\­Default\­Extensions\­%variable%\­3.38_0\­manifest.json (1201 B)
  • %localappdata%\­Google\­Chrome\­User Data\­Default\­Extensions\­%variable%\­3.38_0\­new_tab.html (99 B)
  • %localappdata%\­Google\­Chrome\­User Data\­Default\­Extensions\­%variable%\­3.38_0\­new_tab.js (68 B)
  • %localappdata%\­Google\­Chrome\­User Data\­Default\­Extensions\­%variable%\­3.38_0\­script.js (224 B)

A string with variable content is used instead of %variable% .


The following Registry entries are created:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Policies\­Google\­Chrome]
    • "HomepageIsNewTabPage" = 1
    • "DeveloperToolsDisabled" = 1
  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Policies\­Google\­Chrome\­ExtensionInstallForcelist]
    • "1" = "oohihabmclafciafgmimanggjobnmceg;https:///vupdate.xml"
Other information

JS/Chromex.FBook.A is a trojan that posts messages to user profiles on social networks.


The following social networking sites are affected:

  • www.facebook.com

Please enable Javascript to ensure correct displaying of this content and refresh this page.