The Stack Archive

eFast malware hijacks browser with Chrome clone

Tue 20 Oct 2015

eFast Browser, a new piece of malicious adware that disguises itself as Google Chrome, has hijacked internet users’ systems in an apparent effort to serve its own ads and harvest user activity to sell to third-party advertisers.

According to security bloggers at Malwarebytes, the malware installs itself as the default internet browser and as the default program for various popular file types, including .html, .jpg, .gif and .pdf, as well as for a number of link types such as http, https and irc.

‘The installer for eFast also deletes all the shortcuts to Google Chrome on your taskbar and desktop, most likely hoping to confuse the user with their very similar icons,’ reads the blog post. It added that the adware shortcuts look extremely similar to Google Chrome’s, and also link to popular web pages like YouTube and Facebook.

eFast is able to mirror the look of Chrome because it is built from the same source code, which is available through the open-source Chromium project. According to industry experts, this is an inadvertent positive for Google, which has invested heavily in upgrading its security. “Major props to the Chrome team that it’s getting so hard to hijack Chrome that malware literally has to replace it to effectively attack,” tweeted Swift on Security.

The deceitful adware is thought to have originated from free software bundles which install themselves without the user’s permission. Once installed, eFast places ads across existing web pages, linking to third-party e-commerce sites or other malicious platforms.

It is unclear whether the browser adheres to a privacy policy, but it is suspected that eFast is selling the personally identifiable information (PII) that it gathers from its victims to third-party advertisers. The malicious software claims to be owned by Clara Labs, who have developed a range of other browsers including Unico, Tortuga and BoBrowser. Clara Labs’ privacy policy claims that no PII is shared with third parties.

The Chrome replacement can be easily removed by opening ‘Programs and Features’, locating the culprit and uninstalling it.
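The file types and link types named above can be audited before and after removal to see which program is actually registered for them. The following read-only script is an added example, not taken from the article or from Malwarebytes; it assumes a Windows system that records per-user defaults in the `UserChoice` registry keys, and the function names are illustrative.

```powershell
# Report the current user's default handler for the file types and link types
# the article lists. Read-only: nothing in the registry is changed.
$extensions = '.html', '.jpg', '.gif', '.pdf'
$protocols  = 'http', 'https', 'irc'

function Get-UserChoiceProgId {
    param([string]$KeyPath)
    # UserChoice stores the per-user default handler as a ProgId string.
    $item = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    if ($item) { $item.ProgId } else { $null }
}

function Get-ProgIdCommand {
    param([string]$ProgId)
    if (-not $ProgId) { return $null }
    # The ProgId's open command names the executable that is launched.
    $key  = "Registry::HKEY_CLASSES_ROOT\$ProgId\shell\open\command"
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($item) { $item.'(default)' } else { $null }
}

$fileExts = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts'
$urlAssoc = 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations'

$targets  = @()
$targets += $extensions | ForEach-Object {
    [pscustomobject]@{ Name = $_; Key = "$fileExts\$_\UserChoice" }
}
$targets += $protocols | ForEach-Object {
    [pscustomobject]@{ Name = $_; Key = "$urlAssoc\$_\UserChoice" }
}

$targets | ForEach-Object {
    $progId = Get-UserChoiceProgId -KeyPath $_.Key
    [pscustomobject]@{
        Association = $_.Name
        ProgId      = $progId                       # empty: no per-user choice recorded
        Command     = Get-ProgIdCommand -ProgId $progId
    }
} | Format-Table -AutoSize -Wrap
```

A `Command` path that points to an executable other than the browser or viewer the user chose is the entry to investigate; Store apps may show an empty `Command` because they launch through a different mechanism.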

