The Slovak computer security company, known to our customers especially for the antivirus software Nod32 of which we are resellers, has launched a new alarm: there is a trojan that, exploiting some Chrome extensions, infects the computers of users who frequent pirated streaming sites.
Despite law enforcement efforts to protect copyright, there are still many websites offering illegal streaming of movies, TV series, documentaries, and sporting events. It is the user who pays the price for this illegal traffic and, if discovered, penalties are applied. However, Eset has pointed out that in addition to the damage there could also be the so-called hoax, in the form of Trojans.
Specifically, the trojan involved would be “Submelius”, and it would act by exploiting some Chrome extensions that, theoretically, should serve to display the contents of some pirated streaming portals (we are obviously not talking about legal channels such as Amazon Prime Video, and Netflix). But how does infection occur? When the user arrives with Chrome on a given site for illegal viewing of multimedia content and clicks on one of them, it would trigger the opening of a non-advertising but fraudulent pop-up. This dialog box, in fact, takes the user to an apparently service landing page, asking for the installation of some extensions aimed at playing the movie of his interest.
For the user who is eager to enjoy a first cinematic release at no cost, the required passage may not cause any concern, but alas it could cost him dearly! In fact, once the malicious extensions are granted permissions, they monitor the user’s browsing data and redirect the user to sites full of viruses and malware intended for phishing activity.
However, you can go back to normal -just don’t click on infected links- if you experience similar behavior from your Chrome browser: just remove all recently installed add-ons in the appropriate section, available at “chrome://extensions”. In case of failure, even with Chrome’s “restore” option, you can run a scan with AdwCleaner, the portable program from ToolsLib/Malwarebytes that removes bars and advertising extensions in addition to the action of a good antivirus, obviously updated.