Malware impersonating a Google Chrome Installer is actually stealing data while stripping software used to protect online banking transactions. The Trojan at present appears to target users in Brazil and Peru.
Trend Micro researchers report in a blog post
that they have discovered a malicious file called ChromeSetup.exe hosted in domains such as Facebook, MSN, Globo.com, Terra.com and Google. Most appear tied to Brazil since .br or br. appears in the URLs.