Threat name: JS/ExtenBro.FBook

Threat variant name: JS/ExtenBro.FBook.AS

Category: trojan
Size: 217088 B
Aliases: Trojan.Win32.Antavmu.abcm (Kaspersky), Trojan:Win32/Kilim.G (Microsoft)

Short description

The trojan is a malicious Google Chrome extension/plugin. It can show advertisements.

Installation

When executed, the trojan copies itself into the following location:

  • %localappdata%\Google\Chrome\User Data\Default\Extensions\kfnnmlhdpbehgecmnpkgjolhjmaboeed\FlashPlugin.exe

The following files are dropped:

  • %localappdata%\Google\Chrome\User Data\Default\Preferences
  • %localappdata%\Google\Chrome\User Data\Default\Extensions\kfnnmlhdpbehgecmnpkgjolhjmaboeed\manifest.json
  • %localappdata%\Google\Chrome\User Data\Default\Extensions\kfnnmlhdpbehgecmnpkgjolhjmaboeed\background.js

The trojan attempts to delete the following file:

  • %programfiles%\Google\Update\GoogleUpdate.exe

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "Chromium" = "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfnnmlhdpbehgecmnpkgjolhjmaboeed\FlashPlugin.exe"

The following Registry entries are created:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
    • "LastKey" = "My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
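
A triage check for the installation artifacts listed above, run in the affected user's session. This is an added example, not code from the vendor's description; it assumes the default Chrome profile, and steps 2 to 4 are added heuristics that go beyond the exact paths on this page.

```powershell
# Added example. The extension ID, file names and registry paths are copied
# from this page; the broader checks (steps 2-4) are added heuristics.
$extId    = 'kfnnmlhdpbehgecmnpkgjolhjmaboeed'
$extRoot  = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
$extDir   = Join-Path $extRoot $extId
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Type, $Item, $Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Item = $Item; Detail = $Detail })
}

# 1. Files the page lists inside the extension folder (hash kept for later comparison)
foreach ($name in 'FlashPlugin.exe', 'manifest.json', 'background.js') {
    $path = Join-Path $extDir $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        Add-Finding 'ListedFile' $path (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

# 2. Heuristic: any other executable under a Chrome extension folder is anomalous
if (Test-Path -LiteralPath $extRoot) {
    $listedExe = Join-Path $extDir 'FlashPlugin.exe'
    Get-ChildItem -LiteralPath $extRoot -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.exe' -and $_.FullName -ne $listedExe } |
        ForEach-Object { Add-Finding 'ExeInExtensionDir' $_.FullName 'executable inside an extension folder' }
}

# 3. Run values that launch something from Chrome's extension store (covers "Chromium")
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($n in $key.GetValueNames()) {
        $v = [string]$key.GetValue($n)
        if ($v -like '*\Google\Chrome\User Data\*\Extensions\*') {
            Add-Finding 'RunValue' "$runKey -> $n" $v.Trim()
        }
    }
}

# 4. Weak signal: Google Update folder present but GoogleUpdate.exe missing
$updDir = Join-Path $env:ProgramFiles 'Google\Update'
if ((Test-Path -LiteralPath $updDir) -and
    -not (Test-Path -LiteralPath (Join-Path $updDir 'GoogleUpdate.exe'))) {
    Add-Finding 'UpdaterMissing' $updDir 'GoogleUpdate.exe absent (weak signal on its own)'
}

if ($findings.Count) { $findings | Format-List } else { 'No listed artifacts found for this user profile.' }
```

The `Preferences` file is not checked because every Chrome profile has one, so its presence alone says nothing.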

Other information

The trojan interferes with communication when any of the following sites is accessed:

  • www.facebook.com

It can show advertisements. The trojan may redirect the user to the attacker's web sites.
