Google Chrome “Properties” extension malware creating “Chrome_pref” file


Google Chrome is the most popular and widely used browser on the planet. According to Statcounter, Chrome had a browser share of around 65% in April 2022.

Developed by Google, it uses the Blink engine and is the main component of the company’s Chrome operating system. However, the browser is far from perfect, with users reporting security flaws from time to time.

Unfortunately, some Chrome users seem to be affected by a malicious browser extension called “Properties”. Users say the virus is limited to Chrome and affects some features (1,2,3).

Although it is still unclear how it infects machines, it could be related to the ChromeLoader malware, which uses PowerShell to inject itself into the browser.

According to Chrome users, Properties extension malware causes the browser to crash every few seconds and creates a Chrome_pref file in the Windows local application data folder. Apart from that, the malware redirects search requests to Bing.

Many have tried deleting the Chrome_pref file in the local app data folder and deleting the problem-causing Properties extension, but the malware seems to reinstall anyway.

Some say that security extensions like Malwarebytes and ad blockers are also disabled by the virus. The image below shows what the Google Chrome Properties extension malware looks like.

[Image: Google Chrome Properties extension malware] (Source)

In the past few days my Google Chrome has closed and reopened, and in doing so it added a random properties extension to it and changed the search engines to Bing. Once I open Chrome, I only have a few seconds before rebooting to get to the extensions tab before it completely prevents me from opening it. Along with this it seems to create a file in my Appdata > Local folder named Chrome_settings with its contents being a JavaScript file named background, a JSON file named manifest and a PNG file named properties.
(Source)

So yesterday I got a random virus. I didn’t click on any sus link or anything, and after researching this virus I found out that a few people also got this virus in the last few days. The virus only affects my Chrome browser that I know of and basically it just redirects my searches to Bing and also randomly restarts my Chrome browser very often. This rendered my Chrome virtually unusable. I found the virus is a Chrome extension called Properties and has a folder called “chrome_pref” in my local appdata >.
(Source)
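A read-only check for the artifacts these reports describe, as an added example that is not part of the original article or the quoted posts: it flags folders directly under the local app data folder by reported name, by the three reported files, or by a manifest naming the extension "Properties". The file extensions (.js, .json, .png) and the manifest name match are assumptions drawn from the users' descriptions, and a match is a lead to inspect, not proof of infection.

```python
import json
import os
from pathlib import Path

# Indicators from the user reports quoted on this page; file extensions are assumed.
REPORTED_DIR_NAMES = {"chrome_pref", "chrome_settings", "chrome_tools", "bloom"}
REPORTED_FILES = {"background.js", "manifest.json", "properties.png"}
REPORTED_EXTENSION_NAME = "properties"


def inspect_dir(folder: Path) -> list[str]:
    """Return the reasons a folder matches the reports (empty list = no match)."""
    reasons = []
    if folder.name.lower() in REPORTED_DIR_NAMES:
        reasons.append("folder name matches a reported name")
    try:
        names = {p.name.lower() for p in folder.iterdir() if p.is_file()}
    except OSError:
        return reasons  # unreadable folder: report the name match only
    if REPORTED_FILES <= names:
        reasons.append("contains background.js, manifest.json and properties.png")
    manifest = folder / "manifest.json"
    if manifest.is_file():
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = {}  # unreadable or malformed manifest: no name to compare
        declared = str(data.get("name", "")) if isinstance(data, dict) else ""
        if declared.strip().lower() == REPORTED_EXTENSION_NAME:
            reasons.append('manifest.json declares the extension name "Properties"')
    return reasons


def scan(local_appdata: Path) -> dict[str, list[str]]:
    """Check each top-level entry of the local app data folder."""
    findings = {}
    for entry in sorted(local_appdata.iterdir()):
        # A same-named placeholder file (the second workaround) is not a folder; skip it.
        if entry.is_dir():
            reasons = inspect_dir(entry)
            if reasons:
                findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    root = Path(os.environ.get("LOCALAPPDATA", "."))
    for name, reasons in scan(root).items():
        print(f"{name}: " + "; ".join(reasons))
```

The script only reads and reports; it deletes nothing.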

Luckily, we found a few workarounds that might help those infected with the Chrome Properties extension malware.

The first workaround requires users to download and install ProcessHacker, software similar to Windows Task Manager.

After opening ProcessHacker, try force-closing the entire Chrome process tree, then relaunch the browser, remove the “Properties” extension, and delete the related files from the local app data folder.

I use an interesting piece of software called “Processhacker” which I am not promoting or suggesting you use (wink). It’s basically a task manager on crack. If you have properties malware enabled, you will find a bunch of Chrome tabs in a tree with CMD and PowerShell. Finish the whole tree and relaunch Chrome, the properties extension will temporarily disappear, from there open your files
Go to C:\Users\[UserName]\AppData\Local
Find a folder in there called “Bloom”. Nuke that. There may be other folders in your local appdata called things like “Chrome_tools”. Nuke ’em too.
(Source)

Another user suggested deleting the Chrome_pref file, then creating a text file and changing its name and extension so that it carries the same name.

[Image: Google Chrome Properties extension malware workaround] (Source)

Although the second workaround will not completely remove the virus, it will prevent the malware from reinstalling the extension for now.

We hope the above-mentioned workarounds helped you to remove the Chrome Properties extension malware or limit its severity.

As always, we’ll update this space as we find more information, so be sure to stay tuned to PiunikaWeb.
