16 Sep Adware Hijacks Chrome to Steal User Facebook, Twitter Information
Lawrence Abrams of Bleeping Computer recently revealed an adware that uses Chrome DLL hijacking to steal information from the user’s social media accounts.
The trojan called AdService, which is secretly distributed by adware bundles, can steal passwords by replacing the DLL file a program needs to load with a malicious one. Abrams found that AdService replaces the winhttp.dll file which Chrome loads. When the DLL is loaded, it will attempt to connect to a remote site, then proceed to steal information such as friends list, email and phone numbers, as well as Facebook credit card details.
Abrams says that while 45 out of 65 security vendors are able to detect the service, most of them will not identify it as a password stealer.
Source: Bleeping Computer