Malware spread via fake Google Chrome download campaign

Google Chrome Malware Fake Domain Cyberattack Campaign

Overview

Recently, iZOOlogic has observed a fraudulent website impersonating Google’s official Chrome download page, distributing malicious software to unsuspecting users. The operation exploits deceptive SSL certificates issued by “Google Trust Services” to appear legitimate. The campaign targets users seeking the Chrome browser by directing them to malicious download links.

Details of Malicious Domains and Infrastructure

Primary Fake Domain
- URL: https://google.[tw].cn/
- SSL Certificate Issuer: Google Trust Services (used to increase perceived legitimacy).
Malicious File
- Download Link: https://down.[app].tw.cn/cho_mea64.zip
- Extracted File: cho_mea64.exe
- SHA256 Hash: 4ca9da66d04a5f68deb0bab55aca5d64b8d8307c58f2943d6a67a3b584855ee2

Key Observations

Use of Google’s Name and Branding
The campaign leverages Google’s brand name in domain names (google.tw.cn) and SSL certificates to mislead users.
SSL Certificate Issuance
While the certificate issuer, “Google Trust Services,” adds credibility to the malicious domain, it also raises questions about misused certification processes.
Network Infrastructure
The C2 domain (boss.google.tw.cn) and IP (8.210.144[.]166) are shared across multiple campaigns, suggesting a coordinated operation.

Indicators of Compromise (IOCs)

S.No.	Type	Indicator
1.	Domain	analytics.chgroup.cagoogle.com
2.	Domain	caepension.cagoogle.com
3.	Domain	marchegoodfood.cagoogle.com
4.	Domain	web.tfc.bnc.cagoogle.com
5.	Domain	canada.cagoogle.com
6.	Domain	ww25.geogle.net
7.	Domain	www.ooggie.world
8.	Domain	www.ooggie.xyz
9.	Domain	ooggie.world
10.	Domain	geogle.net
11.	Domain	googaale.com
12.	Domain	google.tw.cn
13.	Domain	googleviiew.com
14.	Domain	oggle.top
15.	Domain	chrrome.cn
16.	Domain	xz.googlechinecn.world
17.	Domain	ooggie.xyz
18.	Domain	gg.psofbzu.cn
19.	Domain	www.simplyjunk.cagoogle.com
20.	Domain	54africana.cagoogle.com
21.	Domain	starbucks.cagoogle.com
22.	Domain	calendar.cagoogle.com
23.	Domain	leopro.cagoogle.com
24.	Domain	google.cagoogle.com
25.	Domain	allpreciousjewellers.cagoogle.com
26.	Domain	csp.cagoogle.com
27.	Domain	snaploan.cagoogle.com
28.	Domain	transports.gouv.qc.cagoogle.com
29.	Domain	ville.montreal.qc.cagoogle.com
30.	Domain	www.ryerson.cagoogle.com
31.	Domain	bnc.cagoogle.com
32.	Domain	www.hub.forestrycoop.ubc.cagoogle.com
33.	Domain	www.hsbc.cagoogle.com
34.	Domain	novascotia.cagoogle.com
35.	Domain	www.census.gc.cagoogle.com
36.	Domain	www.dan.googlek.com
37.	Domain	robinsonbrothers.cagoogle.com
38.	Domain	www.plus.googlek.com
39.	Domain	mail.googaale.com
40.	Domain	www.googlek.com
41.	Domain	agcounts.geogle.net
42.	Domain	mm.adm.xxaaba.com
43.	Domain	source.corp.googlek.com
44.	Domain	ooglex.xyz
45.	Domain	xjh.adm.jkfoen.com
46.	Domain	chromewebstore.googaale.com
47.	Domain	bbh.api.sdfgha.com
48.	Domain	play.googlek.com
49.	Domain	xjh.adm.sdfgha.com
50.	Domain	l.googlek.com
51.	Domain	accounts.googlek.com
52.	Domain	mm.h5.xxaaba.com
53.	Domain	xjh.h5.jkfoen.com
54.	Domain	www.googleviiew.com
55.	Domain	www.gooogleweb.com
56.	Domain	gooogleweb.com
57.	Domain	bbh.adm.sdfgha.com
58.	Domain	play.googaale.com
59.	Domain	www.geogle.net
60.	Domain	chrome.7ecc.com
61.	Domain	sitemaps.googaale.com
62.	Domain	admin.geogle.net
63.	Domain	xjh.api.jkfoen.com
64.	Domain	policies.googaale.com
65.	Domain	mm.api.xxaaba.com
66.	IP	23.224.210.118
67.	IP	104.21.20.137
68.	IP	188.114.96.0
69.	IP	172.67.192.240
70.	IP	23.224.94.46
71.	IP	154.82.100.24
72.	IP	104.21.93.126
73.	IP	104.21.75.227
74.	IP	172.64.80.1
75.	IP	172.67.165.186
76.	IP	172.67.163.63
77.	IP	188.114.97.3
78.	IP	143.92.48.238
79.	IP	104.21.88.182
80.	IP	172.67.182.229
81.	IP	188.114.97.0
82.	IP	172.67.151.194
83.	IP	104.21.85.53
84.	IP	188.114.96.3
85.	IP	104.21.34.81
86.	IP	172.67.175.74
87.	IP	104.21.31.80
88.	IP	172.67.209.227
89.	IP	172.67.154.130
90.	IP	144.48.240.11
91.	IP	154.82.100.26
92.	IP	172.67.201.50
93.	IP	104.21.38.5
94.	IP	154.82.100.127
95.	IP	104.21.49.129
96.	IP	172.67.202.122
97.	IP	104.21.88.71
98.	IP	154.82.100.136
99.	IP	172.67.173.166
100.	IP	104.21.82.73

Protecting the world’s leading Enterprise and Government organisations

iZOOlogic enables the business to pro-actively detect and respond to external threat

Protecting the world’s leading Enterprise and Government organisations

iZOOlogic enables the business to pro-actively detect and respond to external threat

Protecting the world’s leading Enterprise and Government organisations

iZOOlogic enables the business to pro-actively detect and respond to external threat

Protecting the world’s leading Enterprise and Government organisations

iZOOlogic enables the business to pro-actively detect and respond to external threat

Protecting the world’s leading Enterprise and Government organisations

iZOOlogic enables the business to pro-actively detect and respond to external threat

Protecting the world’s leading Enterprise and Government organisations

iZOOlogic enables the business to pro-actively detect and respond to external threat

Protecting the world’s leading Enterprise and Government organisations

iZOOlogic enables the business to pro-actively detect and respond to external threat

Protecting the world’s leading Enterprise and Government organisations

iZOOlogic enables the business to pro-actively detect and respond to external threat

Malware spread via fake Google Chrome download campaign

Overview

Details of Malicious Domains and Infrastructure

Key Observations

Indicators of Compromise (IOCs)

Yuvraj Badgoti

Leave a Reply Cancel Reply

Categories

Contact Us

Contact Us

Solutions

Company

Resources