
Desbloquear Conteúdo Chrome Extension

Posted: July 12, 2018

The Desbloquear Conteúdo Chrome Extension is a banking Trojan that collects login credentials for various bank websites and also may include cryptocurrency-mining features. This threat creates no significant symptoms but grants remote attackers access to the victim's banking account. Use an appropriate anti-malware program to delete the Desbloquear Conteúdo Chrome Extension where relevant, and contact your bank for advice on any further security measures.

An Unblocker that Sends Content the Wrong Way

Most banking Trojans and other spyware-based threats install themselves without any consent or permission from the user and avoid making their presence visible. Criminals targeting users of Chrome and Brazilian banking sites are departing from that tradition by distributing a Chrome extension that includes account-compromising features. Although the Desbloquear Conteúdo Chrome Extension no longer has any official hosting, its threat actors may re-upload it with updates or host it on a third-party site.

The Desbloquear Conteúdo Chrome Extension, whose name translates to 'content unblocker,' presents itself as an extension that restores access to content, such as articles, that websites block in order to force the browser to load their advertisements. In reality, the extension has no such features; malware experts instead confirm that it carries a login-hijacking component. This JavaScript-based attack captures the password and related credentials whenever the user tries to log in to one of various Brazilian banking websites. While it passes this data to a criminal's C&C server, it also completes the login process, which keeps the user from noticing any interruption or suspicious activity.

Further analysis by malware experts also uncovers some potential evidence that the Desbloquear Conteúdo Chrome Extension previously used a Bitcoin, Monero or other cryptocurrency-mining module. This feature is likewise JavaScript-derived, is similarly invisible to the user, and could run whenever the bank's site loads.

Keeping Your Browser's 'Content Access' on the Safe Side

The Desbloquear Conteúdo Chrome Extension is a very atypical package for a banking Trojan, which, in most campaigns, uses installation methods that don't display an obvious browser extension or add-on. Its payload is, however, equivalent to that of other credential-hijacking threats and gives criminals immediate access to the online banking accounts of any victims. Malware experts have yet to see any direct equivalents of the Desbloquear Conteúdo Chrome Extension for non-Chrome browsers, and Google is no longer hosting the current version of the banking Trojan on its store.

All victims should change their passwords and related login credentials as per their banks' recommendations and should monitor their accounts for any unauthorized activity. You also may wish to clear temporary Web-browsing data, including the cache and cookies, and inspect the browser for other changes to its security settings or extensions. Traditional anti-malware programs of most brands should delete the Desbloquear Conteúdo Chrome Extension, which uses a series of well-documented Man-in-the-Middle exploits.
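One way to carry out that inspection of installed extensions, as an added example that is not part of the original write-up: a script that reads each extension's manifest from Chrome's profile directory and flags any whose content scripts can run on the user's banking hosts, which a 'content unblocker' has no reason to do. The sensitive host list, the risky-permission list and the two sample manifests are constructed placeholders.

```python
import json
import re
from pathlib import Path

# Constructed placeholders: substitute the banking hosts the user actually visits.
SENSITIVE_HOSTS = ("bank.example", "login.bank.example")
RISKY_PERMISSIONS = {"webRequest", "webRequestBlocking", "tabs", "cookies", "<all_urls>"}

def pattern_covers_host(pattern: str, host: str) -> bool:
    """True if a Chrome match pattern lets a content script run on `host`."""
    if pattern == "<all_urls>":
        return True
    m = re.match(r"^(?:\*|https?|file|ftp)://([^/]+)/", pattern)
    if not m:
        return False
    phost = m.group(1)
    if phost == "*":
        return True
    if phost.startswith("*."):            # "*.bank.example" covers the domain and any subdomain
        return host == phost[2:] or host.endswith(phost[1:])
    return host == phost

def assess_manifest(manifest: dict) -> dict:
    """Report which sensitive hosts the content scripts reach and which broad permissions are asked for."""
    patterns = [p for cs in manifest.get("content_scripts", []) for p in cs.get("matches", [])]
    reached = sorted({h for h in SENSITIVE_HOSTS for p in patterns if pattern_covers_host(p, h)})
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    return {
        "name": manifest.get("name", "?"),
        "reaches": reached,
        "risky_permissions": sorted(perms & RISKY_PERMISSIONS),
        "flag": bool(reached),  # any script injection into a bank login page is worth a closer look
    }

def audit_extensions_dir(extensions_dir: str) -> list:
    """Walk Chrome's Extensions/<id>/<version>/manifest.json layout and assess each manifest."""
    results = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        with open(path, encoding="utf-8") as fh:
            results.append(assess_manifest(json.load(fh)))
    return results

# Constructed sample manifests: a benign reader helper scoped to one news site,
# and one that mirrors the pattern described above, injecting script into every page.
BENIGN = {"name": "Reader Helper", "permissions": ["storage"],
          "content_scripts": [{"matches": ["*://*.news.example/*"], "js": ["reader.js"]}]}
SUSPECT = {"name": "Sample Unblocker", "permissions": ["tabs", "webRequest"],
           "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]}

if __name__ == "__main__":
    for m in (BENIGN, SUSPECT):
        print(assess_manifest(m))
```

On a live profile, call `audit_extensions_dir()` with the path to the `Extensions` folder of the Chrome user-data directory and review every entry whose `flag` is set.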

Marketing itself as an extension may be an unusual choice, but otherwise the Desbloquear Conteúdo Chrome Extension is a standard archetype of a Brazil-focused banking Trojan. Its innovative delivery method shows that the malware industry's experimentation with infection vectors and related tactics is ongoing.
