eFast Malware Hijacks Browser With Chrome Clone

An anonymous reader writes with a report at The Stack that: eFast Browser, a new malicious adware which disguises itself as Google Chrome, has hijacked internet users' systems in an apparent effort to serve its own ads and harvest user activity to sell to third-party advertisers. It is able to mirror the aesthetics of Chrome as it uses the same source code, available across the open-source project Chromium. Once installed, eFast places ads across existing web pages, linking to third-party e-commerce sites or other malicious platforms.

Mirrors the aesthetics of Chome? It's Firefox?!?

Hmmm, "disguises itself as Google Chrome" and "mirror[s] the aesthetics of Chrome".

Sounds like Firefox!

Windows only

[Crowd+Computing]

The program appears to be available only for Windows.

LOL, w00t?

[gstoddart]

It is unclear whether the browser adheres to a privacy policy

LOL, WTF??? So, malware which rips out your browser, puts itself in its place, and then serves you ads and whatever the hell else it does ... and they're asking if it adheres to a damned privacy policy?

Anything which installs itself like that can safely be assumed to not give a flying crap about your damned privacy.

Why the hell they even ponder if something like this follows a privacy policy? It's malware. No, it isn't going to have a privacy policy.

eFast Bad - Google Good?!?

Wait, eFast is using the open source Chromium code to build a browser to serve ads and collect user PII, and that is wrong, but when Google uses the same open source code base to build a browser to serve ads and collect user PII that's great?!?

WTF?!?

Re:eFast Bad - Google Good?!?

[Rob+Y.]

There's just the minor side issue of fraud, asshole. If they want to provide a browser (yes, and even base it off of Chromium) and use some unique feature of it to convince people to let them serve you ads, I suppose that would be marginally okay - except the bit about hijacking websites and siphoning off their revenue streams, which seems at best unethical.

But let's not miss out on yet another opportunity to bash Google for the business model that provides you with search, email, youtube and the Chromium source tree in the first place. Perhaps you'd care to point me to alternatives that do it all for free without ad support? And don't point me to a wrapper around Google search - we're talking about viable business models that produce useful services, not simple appropriation.

lesson learned?

[lkcl]

windows and macosx users, listen up. GNU/Linux Distributions have a digitally-signed audit trail that goes all the way back to multiply personally-verified GPG key signatures. *NO* malware gets through that process - absolutely none. and the reason why is very simple: anyone who dares to install malware would, by virtue of the GPG-signed audit chain, be tracked back and their reputation so publicly destroyed - forever - that they would never work in the software industry ever again.

not even microsoft or apple, no matter how they try, can replicate this audit trail, because their software installation is (a) not transparent (i.e. not trustworthy) and (b) as those corporations set themselves up as the "single choke-point" they simply don't have the time, the resources or the financial incentive to support *YOU*, the user, when *YOU* want to install some random piece of third party software.

in short, i am sorry to have to inform you that if you run the windows or the macosx operating systems, *despite* the fact that you are perfectly entitled to install 3rd party software [for now, anyway: it's getting harder to do], despite the fact that if you choose not to install 3rd party software your computer would be completely useless - despite all these things being true and perfectly valid, i am sorry to have to inform you that *if* you choose to install 3rd party software, you get everything that you deserve.

people who install GNU/Linux OSes don't do it "because it's fun" or "because they want a challenge of running command-line tools", they do it because they *know* and trust the digital audit trail based on the publicly-verifiable reputation of the 1000+ developers behind each distribution, and, because that trail exists, they can feel that they're safe from malware and spyware when they follow the install procedures that come with their OS.

of course, there are those people - GNU/Linux users - who bypass that process, and perform manual installation of random unverified online packages. such people it has to be said _also_ get what they deserve.

now, we can indeed track the MD5 checksums, and manually check the digital signatures, or even manually build the software ourselves (regardless of the OS), but the inconvenience and complexity of doing so is beyond most people - often myself included: i just cannot be bothered to compile software from source these days unless it's absolutely essential. ... but why put yourself through that?? why are you risking yourself to exposure to privacy violations and data violatinos? i genuinely don't understand why you would do that to yourself. perhaps someone could explain it to me.

Re:lesson learned?

[squiggleslash]

Last time I installed Chrome (not Chromium, but actual Chrome) on Ubuntu I still had to download it from Google trusting Google's process rather than Canonical's. So no, it didn't go through some encryption protected carefully managed central repo. And, obviously, if someone can install software from Google via downloads, they can install other software via downloads, including malware.

Re:lesson learned?

[Gaygirlie]

GNU/Linux Distributions have a digitally-signed audit trail that goes all the way back to multiply personally-verified GPG key signatures. *NO* malware gets through that process - absolutely none. and the reason why is very simple: anyone who dares to install malware would, by virtue of the GPG-signed audit chain, be tracked back and their reputation so publicly destroyed - forever - that they would never work in the software industry ever again.

Red herring. Efast didn't arrive to people's computers via official channels. Linux is just as vulnerable to malware when stuff is being installed via unofficial channels.

i am sorry to have to inform you that *if* you choose to install 3rd party software, you get everything that you deserve.

Looking down on people from your high horse doesn't grant you any wisdom, it seems. People have all sorts of different needs, like e.g. not all software is available for Linux or have a good, open-source alternative. Not even all F/OSS-software is up-to-date on official repos, either. Similarly, not being aware of all the implications of security-issues and computing in general does not mean a person "deserves" all the bad things arising from their ignorance. You just wish to toot your own horn in an effort to bolster your ego.

why are you risking yourself to exposure to privacy violations and data violatinos? i genuinely don't understand why you would do that to yourself. perhaps someone could explain it to me.

As said above: not all software is available under Linux, not all software have reasonable F/OSS-alternatives, not all hardware works properly under Linux and so on and so forth.

Re:lesson learned?

[ArchieBunker]

That may be true but the software could be full of security holes. Millions of people compiled OpenSSL while never once reading it. Turned out to be swiss cheese.

Re:lesson learned?

printf("\v"); This was published in August 1984, and credits other work prior to that, including a security critique of an "early version of Multics". It's a 40 year old attack. Your "full trust" argument is bullshit. There are mitigations for this specific trust attack, but they're not practiced widely. And other similar trust attacks aren't mitigated at all.

If someone writes malware for Linux, there will be malware for Linux. (And it has already happened.) The only thing keeping malware on Linux from being widespread is that most people dumb enough to install random shit from a website don't run Linux. It's what protected the Mac for so long: it wasn't a juicy target. If/When Linux reaches the masses, there will be plenty of malware for it.

You can't protect stupid people from themselves. You have to protect yourself from stupid people. That's the way the world works, regardless of your computer's operating system.

Now get off the stump in the middle of my lawn.

Re:lesson learned?

[leiz]

There is another way to go about it. If you trust Google's Linux software repository, you can install the repo's GPG key first: https://www.google.com/linuxre...

After that, all downloads from Google, e.g. apt-get install google-chrome-stable, gets the same GPG verification as anything from Debian/Ubuntu. Downloads are still over HTTP, just like Debian/Ubuntu, because the GPG verification is there to actually verify the downloads.

Re:lesson learned?

[Tom]

Really? Let me check, certificate-based systems are entirely designed around a chain of signatures. GPG signatures are... uh... well, if it's in your keychain, it will be accepted. The workaround is to sign the package that contains the public keys.

Don't get me wrong, I like the Debian approach, it's practical and it works. But I think you are being a little too ideological.

Follow the money

[QuietLagoon]

Instead of going after those who plant the malware (in this case, the Chrome clone), why not go after those "third party advertisers" and those who place the ads on the hijacked browser?

Re:I wonder

[Khyber]

There's more information than there should be, that's for sure.

http://sourceforge.net/project... - check that out. Odds are we can find this person VERY EASILY.

Also possibly involved accounts (from checking other contributors to other projects listed from the originally-linked account):

http://sourceforge.net/u/rosha...
http://sourceforge.net/u/dllth...

Possible eFast Suspect

[Khyber]

Going through the SF repository for eFast, I have a name of one Mr. Isarith Mahappu K, of No: 15, Chapel Terrace, Stafford, ST163AH.

Last time I can see that property for sale on the market was 14 Dec, 2007. Odds are it is still owned, probably by this same person.

Burning Question...

[avandesande]

Can I install the Ask toolbar on it?

no indication efast == Efast Browser malware

[raymorris]

It should be noted that all we know is that someone thought about publishing something called efast. We don't know that this person is involved with the Efast Browser malware.

Great Firewall

[tepples]

Why would people go to download Chrome from a site that isn't the official Google page?

One possibility is that someone lives in a country where all ISPs block downloads from Google.