https://threatpost.com/en_us/blogs/attackers-using-fake-chrome-updates-lure-victims-011113
Attackers Using Fake Chrome Updates to Lure Victims
Google patched nearly two dozen security vulnerabilities in Chrome on Thursday and a day later attackers have begun circulating fake Google Chrome updates that actually are part of a scam related to the Zeus botnet and is designed to steal online banking credentials, among other things.
Attackers have been using fake Chrome updates to lure victims for several months now, and the most recent scheme uses a similar approach as the past ones and also uses related files. Researchers at GFI Labs discovered a renewed wave of attempts by attackers to trick users into downloading and installing a file that purports to be a Google Chrome update, but is in fact mostly interested in snagging sensitive data, such as banking credentials, from victims.
"The file itself has been around for a while, being seen on around 14 or so websites since around October and is listed at Malwr.com which mentions attempts to access Firefox’s Password Manager local database – meanwhile, it’s listed on the comments section of VirusTotal as beingcapable of stealing banking credentials. You’ll notice they mention Zeus – indeed, one of the DNS requests made is to a site by the Malware is related to ZBot / Blackhole exploit kit attacks.