The number of CEF downloads has increased considerably over the past few days

Mar 23, 2013 10:46 GMT

Symantec experts have identified a variant of the notorious TDL malware (also known as TDSS or Tidserv) that relies on the legitimate Chromium Embedded Framework (CEF) to accomplish its malicious tasks.

What’s even more curious is that the malware downloads the roughly 50MB framework onto each infected machine rather than shipping a trimmed copy of its own.

Since this new version appeared, the number of CEF downloads has risen sharply, reaching almost 25,000 on March 21.

It’s uncertain whether the download count maps one-to-one onto malware infections, but judging by the graph published by Symantec that is a likely scenario.

CEF provides an embeddable web browser control based on the Google Chromium project. By bundling it, the cybercriminals can move basic browser functionality out of the malware’s own modules and into the framework’s library, so they maintain less code themselves. Because the framework binary is legitimate code, its presence on a system is not by itself an indicator of infection; it is the component that downloads and drives it that is malicious.

However, the authors of the CEF are not happy with the fact that cybercriminals are using their creation. As such, they’ve removed the binary used by the malware from the Google Code project page.

Additional technical details of the new TDL variant are available on Symantec's blog.