Google Chrome is abused to deliver malware as ‘legit’ Win 10 app

by Aashish Sehrawat
October 30, 2021
in News, Popular, Tech, Trending
Image: pureinfotech

Malware delivered to Chrome users through a compromised website can infect Windows systems and steal sensitive data such as credentials and bitcoin, bypassing User Account Control (UAC) along the way.

Crooks behind a newly discovered malware campaign are targeting Windows 10 with malware that infects devices by bypassing User Account Control (UAC), a core Windows security measure.

Rapid7 researchers recently discovered the campaign and warn that the attackers’ goal is to extract sensitive data and cryptocurrency from the affected PC.

Andrew Iwamaye, Rapid7 research analyst, said that the malware maintains persistence on PC “by abusing a Windows environment variable and a native scheduled task to ensure it persistently executes with elevated privileges.”

The attack chain begins when a Chrome user visits a malicious website and is prompted to take action by a “browser ad service,” according to a blog post Iwamaye published on Thursday. As of this writing, inquiries about what the researcher means by a “browser ad service” have gone unanswered.

The attackers’ ultimate goal is to steal data such as browser credentials and bitcoin using the info-stealer. Other malicious behaviour includes blocking browser updates and changing system settings so that unauthorised commands can run.

Researchers found that the attackers deliver the malicious payload via a compromised website crafted to target Chrome running on Windows 10. Examination of infected users’ Chrome browser history files showed redirects to a number of strange domains and other peculiar redirect chains before the first infection, according to Iwamaye.

“In the first investigation, the user’s Chrome profile revealed that the site permission settings for a suspicious domain, birchlerarroyo[.]com, were altered just prior to the redirects,” he wrote. “Specifically, the user granted permission to the site hosted at birchlerarroyo[.]com to send notifications to the user.”

On further investigation, the researchers found that birchlerarroyo[.]com displayed a browser prompt requesting permission to show notifications to the user. This, together with a reference to a suspicious JavaScript file in its source code, led the Rapid7 team to believe the site had been compromised, according to Iwamaye.

According to the research, it is unclear why or how a user might be persuaded to allow the site to send notifications through Chrome. Once notifications were enabled, the user received an alert claiming that their Chrome browser needed to be updated, which led them to a “convincing Chrome-update-themed webpage.”

The fake Chrome update linked to an MSIX file, a Windows application package format. The file was named “oelgfertgokejrgre.msix” and was hosted on the chromesupdate[.]com domain; Rapid7 confirmed that it was a Windows application bundle.

That the malicious payload was a Windows application package matters for several reasons.

“The malware we summarized in this blog post has several tricks up its sleeve. Its delivery mechanism via an ad service as a Windows application (which does not leave typical web-based download forensic artifacts behind), Windows application installation path, and UAC bypass technique by manipulation of an environment variable and native scheduled task can go undetected by various security solutions or even by a seasoned SOC analyst,” Iwamaye wrote.

The researcher further explained:

“Since the malicious Windows application package installed by the MSIX file was not hosted on the Microsoft Store, a prompt is presented to enable installation of sideload applications, if not already enabled, to allow for installation of applications from unofficial sources.”

If the fake Chrome update is installed, the machine is infected and the attack proceeds.

The initial stage of the attack is a PowerShell command spawned by an executable named HoxLuSfo.exe, which in turn was spawned by sihost.exe, the background process that launches and maintains the Windows Action Center and notifications.

The objective of the command was to bypass UAC via the Disk Cleanup utility, which was made possible by “a vulnerability in some versions of Windows 10 that permits a native scheduled job to execute arbitrary code by altering the content of an environment variable,” according to Iwamaye.
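Two things a defender can check for from the chain described in the last two paragraphs are the process lineage (sihost.exe spawning an unknown executable that spawns PowerShell) and a user-scope environment variable shadowing a machine-scope one. The following is an added Python example over constructed Sysmon-style events, not Rapid7's or the article's code; the HoxLuSfo.exe file path and the EXAMPLEVAR name are assumptions, since the article names neither.

```python
# Constructed sample events: (pid, ppid, image path). Not real telemetry;
# only HoxLuSfo.exe's name and its parent come from the article, the path is assumed.
SAMPLE_EVENTS = [
    (800, 4, r"C:\Windows\System32\sihost.exe"),
    (2212, 800, r"C:\Users\victim\AppData\Local\HoxLuSfo.exe"),
    (2300, 2212, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
]
# Constructed environment blocks; the article does not name the abused
# variable, so the placeholder EXAMPLEVAR stands in for it.
MACHINE_ENV = {"EXAMPLEVAR": r"C:\Windows", "TEMP": r"C:\Windows\TEMP"}
USER_ENV = {"ExampleVar": r"C:\Users\victim\AppData\Local\x",
            "TEMP": r"C:\Users\victim\AppData\Local\Temp"}
# User-scope variables that legitimately shadow machine scope in every profile.
EXPECTED_USER_OVERRIDES = {"temp", "tmp", "path"}


def _basename(image):
    # Windows paths and image names are case-insensitive.
    return image.rsplit("\\", 1)[-1].lower()


def lineage(events, pid):
    """Image basenames from pid up to the root: [child, parent, grandparent, ...]."""
    by_pid = {p: (pp, img) for p, pp, img in events}
    chain = []
    while pid in by_pid:
        ppid, img = by_pid[pid]
        chain.append(_basename(img))
        pid = ppid
    return chain


def suspicious_powershell_launches(events, allowlist=("explorer.exe",)):
    """Flag powershell.exe whose grandparent is sihost.exe (the notification
    host) and whose parent is not a known launcher: the sihost.exe ->
    HoxLuSfo.exe -> PowerShell chain described above."""
    hits = []
    for pid, _ppid, img in events:
        chain = lineage(events, pid)
        if (chain[0] == "powershell.exe" and len(chain) >= 3
                and chain[2] == "sihost.exe" and chain[1] not in allowlist):
            hits.append((pid, chain[1]))
    return hits


def shadowed_env(user_env, machine_env, expected=EXPECTED_USER_OVERRIDES):
    """User-scope variables overriding a machine-scope value: a privileged
    scheduled task that expands such a variable resolves it to the user's value."""
    machine = {k.lower(): v for k, v in machine_env.items()}
    return {k.lower(): (v, machine[k.lower()]) for k, v in user_env.items()
            if k.lower() in machine and k.lower() not in expected
            and v != machine[k.lower()]}
```

On a live host the same two checks would be fed from Sysmon event ID 1 and from the HKCU\Environment and HKLM system environment keys respectively.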

Tags: Chrome, Malware, Microsoft, Virus, Windows 10