Powerpool attack: Recent Windows zero-day vulnerability is exploited in tampering with Google Chrome

Sep 10, 2018 Elley
Learn more about 360 Total Security

A few days ago, an elevation-of-privilege vulnerability in Windows was disclosed. Only two days later, a group called Powerpool had picked up this vulnerability and produced a Trojan.

Even though the Trojan was produced in a very short time, it is still highly capable. Once a computer is compromised, the attacker can capture the user’s screen, upload and download files, steal user information and passwords, and so on. What is more, this Trojan targets Google Chrome: its destructive activity begins with “tampering with Google Chrome’s upgrade program”.

It starts with the privilege vulnerability in Windows. Normally, Google Chrome’s update program runs with system privileges and is responsible only for browser upgrades. The Trojan, however, exploits the vulnerability to turn the updater into a tool for stealing the user’s private information.

The next time Google Chrome updates automatically, the hidden Trojan also starts with system privileges and issues unexpected instructions on the user’s computer, such as running automatically, silently monitoring the screen, intercepting private information, uploading and downloading files, and even searching Outlook and web browsers to steal the user’s account passwords.
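A defender-side check for the tampering described above, as an added example that is not from the original article: it verifies that the Chrome updater binary still carries a valid publisher signature and lists any accounts outside the usual administrative set that can write to it. The default path, the signer name `CN=Google LLC` and the English account names are assumptions about a standard install.

```powershell
# Added example (not from the original article). Default path, signer name and
# trusted account names are assumptions about a standard English-language install.
function Test-UpdaterIntegrity {
    [CmdletBinding()]
    param(
        [string]$Path = "${env:ProgramFiles(x86)}\Google\Update\GoogleUpdate.exe",
        [string]$ExpectedSigner = 'CN=Google LLC'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }

    # A binary that was overwritten in place no longer has a valid signature
    # from the expected publisher.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $signatureOk = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedSigner*")

    # Any other account that can write, delete or re-permission the file
    # can replace a program that later runs with system privileges.
    $trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    $writers = (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $writeMask) -ne 0) -and
        ($trusted -notcontains $_.IdentityReference.Value)
    }

    [pscustomobject]@{
        Path         = $Path
        Present      = $true
        Signature    = $sig.Status
        Signer       = $subject
        SignatureOk  = $signatureOk
        ExtraWriters = @($writers | ForEach-Object { $_.IdentityReference.Value })
        Sha256       = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

Test-UpdaterIntegrity | Format-List
```

A result with `SignatureOk` false or a non-empty `ExtraWriters` list is worth investigating; the SHA-256 value can be recorded as a baseline and compared after each legitimate update.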

The Trojan’s targets are not limited to ordinary individual users, whose personal and private information it steals. It may also attack corporate servers, steal important corporate documents, and even go on to extort the victim or take other malicious action. At present, the Trojan is mainly spread through spam, so if you receive an email from an unknown source, do not click it. Judging by previous Powerpool attacks, these emails may have been distributed in the US, Germany, Britain, Ukraine, Russia and other countries.

Qihoo 360’s Security Brain provides the latest techniques to protect our users against zero-day vulnerability

In the face of unknown and sudden Trojan attacks, proactive prevention is undoubtedly the most important task in protecting network security. Qihoo 360’s Security Brain is an all-in-one intelligent security system that comprehensively utilizes new technologies such as artificial intelligence, big data, cloud computing, IoT intelligent sensing, and blockchain to protect the country, national defense, critical infrastructure, society, and cities. Among them, its situational awareness system can capture global malicious attacks or network anomalies in real time.

In fact, sometimes a user is attacked because he or she lacks security awareness, not because the hacker moves too fast or the Trojan is too powerful. Trojans run silently and are not easily found on the computer, so we recommend that our users install 360 Total Security to intercept Trojans and other malware in time.
