The company’s specialists Malwarebytes found a very interesting example of malware. Malware eFast Browser, seeks to substitute the entire browser of the victim at all, instead of infecting an existing one.
The first problem the researcher noted, known as Swift, published a message in his twitter:
At first glance eFast Browser, is a regular representative of adware. The screen every now and then pop up banner ads, unsolicited advertising will appear on the site, It will redirect the users infectious web sites which can lead to high risk adware or malware infections. And, of course, Malware watching every move of the victim to sell illegal advertisers more valuable data about the user, so that they could show him even more publicity.
Following an issue told IB professionals of Malwarebytes, and they noticed an interesting thing. eFast Browser does not try to crack a user’s browser, it tries to replace him. According to the researchers, the malware deletes the infected machine with Chrome, takes his place, and replaces all the advertising links that could. This browser icon and its design look exactly like a real Chrome. This is not surprising, because Malvar is based on the open source engine, Chromium, so it is very high-quality fake. Apparently, the browser made by Clara Labs, known browsers like BoBrowser, Tortuga and Unico.
Swift said that by the authors Malvar, it is quite a smart move. Chrome on recent tightening the screws tighter, in particular, allows you to install third-party extensions, did not come from the official store Google. In a similar direction the Mozilla Firefox browser and Microsoft Edge. In this situation, replace the browser is easier than breaking real.
According PCrisk, eFast spreads mostly bundled with various free software from suspicious websites. Accidentally catching this infection is very difficult to remove and, fortunately, it is easy – like any other program.