Skip to main content

Hackers compromise hundreds of WordPress websites to distribute Chaes banking trojan that hijacks victims' Chrome browsers with malicious extensions.





A financially-motivated malware campaign has compromised over 800 WordPress websites to deliver a banking trojan dubbed Chaes targeting Brazilian customers of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago.


First documented by Cybereason in November 2020, the info-stealing malware is delivered via a sophisticated infection chain that's engineered to harvest sensitive consumer information, including login credentials, credit card numbers, and other financial information.


"Chaes is characterized by the multiple-stage delivery that utilizes scripting frameworks such as JScript, Python, and NodeJS, binaries written in Delphi, and malicious Google Chrome extensions," Avast researchers Anh Ho and Igor Morgenstern said. "The ultimate goal of Chaes is to steal credentials stored in Chrome and intercept logins of popular banking websites in Brazil."


The attack sequence is triggered when users visit one of the infected websites, upon which a pop-up is displayed, urging them to install a fake Java Runtime application. Should the user follow through the instructions, the rogue installer initiates a complex malware delivery routine that culminates in the deployment of several modules.


Chaes Banking Trojan

Some of the intermediary payloads are not only encrypted but also hidden as commented-out code inside the HTML page of a Blogger blogspot domain ("awsvirtual[.]blogspot.com"). In the final stage, a JavaScript dropper downloads and installs as many as five Chrome extensions —


Online – A Delphi module used to fingerprint the victim and transmit the system information to a command-and-control (C2) server

Mtps4 (MultiTela Pascal) – A Delphi-based backdoor whose main purpose is to connect to the C2 server and wait for a responding Pascal Script to execute

Chrolog (ChromeLog) – A Google Chrome password stealer written in Delphi

Chronodx (Chrome Noder) – A JavaScript trojan that, upon detecting the launch of Chrome browser by the victim, closes it immediately and reopens its own instance of Chrome containing a malicious module that steals banking information

Chremows (Chrome WebSocket) – A JavaScript banking trojan that records keypresses and mouse clicks on Chrome with the goal of plundering login credentials from users of Mercado Livre and Mercado Pago

Stating that the attacks are ongoing, Avast said that it had shared its findings with the Brazilian CERT to disrupt the malware's spread. That said, Chaes-related artifacts continue to remain on some of the infected websites.


"Chaes exploits many websites containing CMS WordPress to serve malicious installers," the researchers concluded. "The Google Chrome extensions are able to steal users' credentials stored in Chrome and collect users' banking information from popular banking websites."


Source; #THN

#osutayusuf

Comments

Post a Comment

Popular posts from this blog

More Than 100 Angry Youths Chased Maracha District Officials Out of Site Meeting Over Corruption.

📸: Some of the angry Youths displaying placards as others walked in to stop the ongoing meeting by Maracha District officials. Story by Osuta Yusuf. Maracha District. 3-February-2025. 📸: Kololo Public Seed Secondary School whose construction project has again stalled. Photo by Osuta Yusuf, Our News Reporter. The angry youths from Vurra Parish, Tara Sub-county in Maracha East constituency, Maracha District have on Monday 3-Feb-2025 chased the entire Maracha District officials out of a site meeting in Kololo Seed Secondary over allegations of corruption stemming from the stalled seed school construction project. Key Maracha District officials who went for the site meeting on Monday 3-Feb-2025 include, the Security department headed by the deputy RDC Koliba Monica Kotevu and Assistant RDC Collins Dramani, the LC5 Chairperson Hon Obitre Stephen together with his DEC Councilors, the accounting  / technical department headed by the CAO Mr Olila Patrick, the Engi...
Post a Comment
Read more

Ambassador Angualia Richard Perished in a Fatal Accident.

Story by Osuta Yusuf. Arua City. 29-7-2025. 📸: Portrait of Ambassador Angualia Richard. Courtesy Photo. Former Uganda's Ambassador to Egypt, Ambassador Angualia Louis Richard has been reported dead this evening 5pm 28-7-2025 after he was involved in a head-on collision accident with another motorcycle rider near Abi Farm, Ayivu East Constituency in Arua City. 📸: Photos from the scene of the Accident. Courtesy Photos. He met his death this evening while riding on a Bajaj Motorcycle. Amb. Angualia, who contested in 2011 for Maracha County but lost to Hon Alex Onzima Adrooa. In 2016 when two Constituencies were created in Maracha District, carving Maracha Constituency and Maracha East constituency, Ambassador Angualia contested for Maracha Constituency MP position in 2016 but lost to Hon Oguzu Lee Denis. Ambassador Angualia later shifted to contest in Maracha East Constituency but again lost to Hon Ruth Lematia Molly Ondoru during the 4-September-2020...
1 comment
Read more

Lab Student Drowned, Body Missing in Rokoze Lake in Nyadri Sub-county, Maracha District.

Maracha District.  5-December-2025. 📸: Residents gathered around the lake as they searched the missing body of the student. Photo by #Information_is_Power's news reporter.  This afternoon Friday 5-December-2025, a student from St Joseph Laboratory Training School in Maracha hospital, a one  Araku Denis drowned in Rokoze water body in Nyadri Sub-county and the  body has not been retrieved upto this night as the police and residents searched for it and in vain but they are expected to resume retrieving it tomorrow Saturday 6-December-2025. 📸: Photo of the deceased which we captured on his phone screen this night. Araku and his fellow students had  reportedly gone to pass time at water point after completing exams papers of today. Him and callagues got attracted to swimming at water body where he perished.  By press time, efforts to retrieve his body proved futile as the body remains invisible on water surface.  Rokoze water body...
Post a Comment
Read more