People in several Central and South American countries who want nothing more than to watch video online are being hit with a trojans that redirects the viewers to a new URL that contains malicious content.
These events were discovered by a WeLiveSecurity (ESET) research team when it detected an increasing number of JS/Chromex.Submelius threats. The redirect happens when the victim presses play to view the video. At this time a new window pops up demanding that the target download a Chrome extension. And the malicious window will not stop appearing until the victim relents.
That first download gives the hacker permission to read or change all the user's data on sites visited enabling the hacker to inject malware into each.
And this is the beginning of the endless loop the victim is trapped within.
“Then, while the user is browsing the internet, they will suddenly see new windows opening up with information about their system, taking them to other websites containing downloads of malicious code, advertising, or other kinds of content. This becomes an endless loop, which ultimately will benefit whoever is behind the fraudulent extension,” ESET wrote.
The cure is easy, simply find the rogue extension finding and deleting it in the Chrome extensions area.