back to article Cred-stealing trojan harvests logins from Chromium browsers, Outlook and more, warns Cisco Talos

Cisco Talos has uncovered a credential-stealing trojan that lifts your login details from the Chrome browser, Microsoft's Outlook and instant messengers. Delivered through phishing emails, the Masslogger trojan’s latest variant is contained within a multi-volume RAR archive using the .chm file format and .r00 extensions, said …

  1. Pascal Monett Silver badge
    Stop

    And bingo !

    CHM is a compiled HTML file that contains an embedded HTML file with JavaScript code to start the active infection process. "

    Javascript, again.

    Block it, and the install process fails.

    NoScript FTW !

    1. Mike 137 Silver badge

      Re: And bingo !

      Which is why the UK National Cyber Security Centre web site is entirely a javascript app - you can't even see emergency contact details unless scripting is enabled.

      I spoke to them about this, but they weren't interested.

      1. ThatOne Silver badge

        Re: And bingo !

        Seriously, what's security compared to coolness and programming street cred?

        Besides, their goal isn't to be secure, but to be paid for it.

        1. David 132 Silver badge
          Trollface

          Re: And bingo !

          More likely, they haven’t found that particular option in their copy of MS FrontPage yet.

    2. druck Silver badge

      Re: And bingo !

      Unfortunately NoScript isn't available for Microsoft Help, which is what loads/runs .chm files.

  2. Version 1.0 Silver badge

    It's not just Javascript

    I see malware deliveries every day, all of them are quarantined by the mail server if they contain any of the files listed. But the majority of malware attempts these days seems to be delivered via Excel files containing macros. They are quarantined and I delete them after checking the spam score and source.

  3. HildyJ Silver badge
    Facepalm

    No way out

    You can harden hardware and software, and you should.

    You can bury Javascript with a stake through its heart, and you should.

    But, ultimately and unfortunately you can't avoid the wetware that insists on clicking the shiny button.

    1. FlamingDeath Silver badge

      Re: No way out

      A bit like an employee trying to set their company mailbox password to company name and appended numbers

      We dont let people in control of dangerous machines, cars, without a license. A computer is far more dangerous vehicle

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022