Trojan.Win32.Cromex.a
Threat Scorecard
Threat Level: 90 % (High)
Infected Computers: 16
First Seen: May 30, 2012
Last Seen: September 22, 2022
OS(es) Affected: Windows
Trojan.Win32.Cromex.a is disguised as a key generator for Steam (a popular online gaming network similar to iTunes). Computer users looking to access Steam illegally are lured to websites hosting Trojan.Win32.Cromex.a through a series of YouTube videos that supposedly recommend this key generator. However, the supposed 'Key Generator' is an executable file that actually installs Trojan.Win32.Cromex.a on the victim's computer. This Trojan takes the form of a malicious extension for the Google Chrome web browser. Rather than enabling the computer user to access Steam without a legitimate key, Trojan.Win32.Cromex.a does the opposite: it detects whenever a computer user enters information related to online gaming accounts or other sensitive information, such as email passwords or credit card numbers, and then relays this information to a remote server. Because of this, ESG malware analysts strongly advise against using these kinds of key generators, as they are a prime form of malware distribution.
YouTube videos associated with Trojan.Win32.Cromex.a lead to three distinct websites, which are flashed as annotations on the YouTube clip associated with this threat. At these websites, computer users can download a file named 'steam Game Key Generator.exe'. There is a reason why most security researchers strongly recommend against downloading and running suspicious executable files: these are often disguised malware infections. This supposed key generator is no exception. Running it installs 7.0.1428.crx on the victim's computer system. This file is a Google Chrome extension hosted on the website theonlyone(dot)goodluckwith(dot)us. The computer user is then prompted to authorize this Google Chrome extension, which is disguised as the popular web browser security plug-in associated with the Avast anti-virus.
This malicious Chrome plug-in contains two JavaScript files named background.js and webProtection.js. The second file detects whenever any of the following strings are shown in the web page the victim is visiting:
accounts.google
darkorbit
dofus
gameforge
google
login.live
metin2
minecraft.net
remboursetonforfait
steamcommunity
steampowered
Once one of these strings is detected, Trojan.Win32.Cromex.a will log all keystrokes, mouse movements, and other activity in an effort to obtain the victim's passwords or other important information. Finally, this information is sent in the form of a cookie to a remote server associated with this threat. Trojan.Win32.Cromex.a has also been known to detect connections to YouTube and automatically press 'like' on the videos that are used to distribute this fake Steam key generator.
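The two script names and the watched strings listed above are enough to sweep a Chrome profile's Extensions folder for this plug-in. The Python below is an added example, not code from EnigmaSoft or from the threat itself; it assumes the strings appear in plain text inside webProtection.js, and the three-hit threshold, function names and sample folders are constructed for illustration.

```python
import os
import tempfile

# Script names and watched strings exactly as listed in the write-up above.
SCRIPT_NAMES = {"background.js", "webProtection.js"}
WATCHED = ["accounts.google", "darkorbit", "dofus", "gameforge", "google",
           "login.live", "metin2", "minecraft.net", "remboursetonforfait",
           "steamcommunity", "steampowered"]

def scan_extensions(root, min_hits=3):
    """Flag folders under root that hold both scripts and whose webProtection.js
    names at least min_hits watched strings (threshold is an assumption)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if not SCRIPT_NAMES.issubset(files):
            continue
        path = os.path.join(dirpath, "webProtection.js")
        try:
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                text = fh.read().lower()
        except OSError:
            continue  # unreadable file: skip it rather than abort the sweep
        hits = [s for s in WATCHED if s in text]
        if len(hits) >= min_hits:
            findings.append({"dir": dirpath, "hits": hits})
    return findings

def build_sample(root):
    """Constructed data: one folder shaped like the described extension and
    one benign folder that only has a background.js."""
    bad = os.path.join(root, "aaaa", "7.0.1428_0")
    good = os.path.join(root, "bbbb", "1.0_0")
    os.makedirs(bad)
    os.makedirs(good)
    for d in (bad, good):
        with open(os.path.join(d, "background.js"), "w") as fh:
            fh.write("// placeholder\n")
    with open(os.path.join(bad, "webProtection.js"), "w") as fh:
        fh.write('var sites = ["steamcommunity", "login.live", "metin2"];\n')
    return bad

def demo():
    with tempfile.TemporaryDirectory() as root:
        bad = build_sample(root)
        return bad, scan_extensions(root)

if __name__ == "__main__":
    print(demo()[1])
```

On a Windows host, point scan_extensions at the profile's Extensions directory, typically under %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions. A hit is a lead for manual review of the extension, not proof of infection.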