Malware impersonating a Google Chrome Installer is actually stealing data while stripping software used to protect online banking transactions. The Trojan at present appears to target users in Brazil and Peru.
Trend Micro researchers report
in a blog post that they have discovered a malicious file called ChromeSetup.exe hosted in domains such as Facebook, MSN, Globo.com, Terra.com and Google. Most appear tied to Brazil since .br or br. appears in the URLs.