Summary: A recent investigation revealed that the malicious application DriverEasy pretends to be a legitimate Google Chrome update to steal user credentials. It utilizes Dropbox’s API to exfiltrate sensitive information, including passwords, and is linked to North Korea’s cyber-espionage activities. Users are encouraged to remain vigilant against unexpected credential prompts and organizations should enhance endpoint detection mechanisms.
Affected: Users of Google Chrome and Dropbox
Key points:
- The malware displays fake prompts to trick users into revealing their system passwords.
- DriverEasy utilizes OAuth 2.0 credentials to authenticate with Dropbox for data exfiltration.
- It shares common traits with other North Korean malware, highlighting a sophisticated approach to cyber threats.
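The two behaviours above (a fake updater prompting for credentials, and exfiltration through Dropbox's API) are both observable in endpoint telemetry. The following is an added illustrative example, not code from the article or from any vendor: a small Python heuristic that scans constructed endpoint events (process name, binary path, destination host, code signer) and flags (a) any non-Dropbox process contacting the Dropbox API hosts and (b) any process posing as a Chrome updater that is not signed by Google. The sample events, the column layout, and the assumption that the legitimate Dropbox client runs as a process named "Dropbox" are all constructed for this example.

```python
"""Heuristic detection of Dropbox-API exfiltration by unexpected processes.

Added example only; not code from the original article. It parses constructed
endpoint telemetry and raises findings for two patterns described in the text:
a non-Dropbox process talking to Dropbox API hosts, and a "Chrome updater"
binary that is not signed by Google.
"""
import csv
import io
from dataclasses import dataclass
from typing import List

# Real Dropbox API endpoints used by API clients (api.* for metadata, content.* for uploads).
DROPBOX_API_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com"}
# Assumption for this example: the legitimate Dropbox desktop client runs as "Dropbox".
EXPECTED_DROPBOX_PROCESSES = {"Dropbox"}
# Assumption: a genuine Chrome updater would carry Google's code signature.
GOOGLE_SIGNER = "Google LLC"


@dataclass
class Finding:
    rule: str
    process: str
    path: str
    dest_host: str


# Constructed sample telemetry (not real IoCs): process, path, destination, signer.
SAMPLE_EVENTS = """process,path,dest_host,signer
Dropbox,/Applications/Dropbox.app/Contents/MacOS/Dropbox,api.dropboxapi.com,Dropbox Inc
Google Chrome,/Applications/Google Chrome.app/Contents/MacOS/Google Chrome,update.googleapis.com,Google LLC
ChromeUpdate,/Users/alice/Downloads/ChromeUpdate,content.dropboxapi.com,
curl,/usr/bin/curl,example.com,Apple
"""


def looks_like_chrome_updater(process: str) -> bool:
    """True if the process name presents itself as a Chrome update component."""
    name = process.lower()
    return "chrome" in name and "update" in name


def analyze(events_csv: str) -> List[Finding]:
    """Return one Finding per matched rule, in event order, rule (a) before rule (b)."""
    findings: List[Finding] = []
    for row in csv.DictReader(io.StringIO(events_csv)):
        process = row["process"]
        path = row["path"]
        dest = row["dest_host"]
        signer = row.get("signer", "") or ""

        # Rule (a): Dropbox API traffic from anything other than the Dropbox client.
        if dest in DROPBOX_API_HOSTS and process not in EXPECTED_DROPBOX_PROCESSES:
            findings.append(Finding("dropbox_api_from_unexpected_process", process, path, dest))

        # Rule (b): a self-described Chrome updater without Google's signature.
        if looks_like_chrome_updater(process) and signer != GOOGLE_SIGNER:
            findings.append(Finding("unsigned_chrome_updater", process, path, dest))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.process} ({f.path}) -> {f.dest_host}")
```

Rule (a) deliberately keys on the destination host rather than any malware-specific indicator, so it also surfaces other tooling that abuses a sanctioned cloud service; in production the "expected process" set would be populated from an allowlist of signed Dropbox binaries rather than a bare process name.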
Source: https://gbhackers.com/fake-chrome-update-delivers-drivereasy-malware/