Malicious Google Chrome clone eFast serves ads, collects info

A Google Chrome lookalike browser dubbed eFast is being actively pushed onto users. The software is at best annoying and unwanted, and at worst can lead users to malware.

Posing as a legitimate application that will benefit users, eFast is actually only helpful to its creators – it sidelines other browsers, generates intrusive online ads (the creators are paid for each click), redirects users to potentially malicious pages, and monitors their Internet browsing activity, which is then sold to third party companies.

“eFast Browser is mostly proliferated as a ‘bundle’ with other (mostly free) software,” PC Risk’s Tomas Meskauskas warns. “Users do not expect bundled applications to be concealed, and thus, developers intentionally hide them within the ‘Custom’ or ‘Advanced’ settings. Users who rush the download/installation processes and skip this section often inadvertently install potentially unwanted programs. In doing so, they expose their systems to risk of infection and compromise their privacy.”

The browser is based on the Chromium open source browser, and is visually very similar to Google Chrome. The creators also chose an icon for it that will remind users of Chrome (click on the screenshot to enlarge it):

During installation, eFast will attempt to replace Chrome if that is already installed, by deleting all the shortcuts to it on your taskbar and desktop.

“To make sure that you will use your new browser, eFast makes itself the default browser and takes over some file-associations. File-associations are settings that determine which program will run when files with a certain extension are opened,” Malwarebytes’ Pieter Arntz explains.

So each time you want to open a GIF, PDF, HTML, JPG, and a number of other file types, eFast will open them for you. The same will happen if you want to open a link for a number of protocols, including HTTP, HTTPS, FTP, IRC, MMS, TEL, and many others.

Not satisfied with all this, the browser will also create shortcuts to popular sites and put them on your desktop. Naturally, they are all set to open with the eFast browser.

Needless to say, eFast can only bring grief to end users, and if you have been saddled with it, follow these instructions to remove it.


Subscribe to the Help Net Security breaking news e-mail alerts:


Don't miss