Google Chrome ‘Properties’ Malware Extension Creating ‘Chrome_pref’ File

Google Chrome is the most popular and widely used browser on the planet. According to Statcounter, Chrome had a browser share of around 65% in April 2022.

Developed by Google, it uses the Blink engine and is the main component of the company’s Chrome OS. However, the browser is far from perfect with users reporting security exploits from time to time.

Advertising

Unfortunately, some Chrome users seem to be affected by a malicious browser extension called “Properties”. Users say the virus is limited to Chrome and affects some features (1,2,3).

Although it is not yet clear how it infects machines, it could be related to the ChromeLoader malware which uses Powershell to inject itself into the browser.

According to Chrome users, the Properties extension malware causes the browser to crash every few seconds and creates a Chrome_pref file in the Windows local application data folder. Apart from that, the malware redirects search requests to Bing.

Many have tried deleting the Chrome_pref file in the local app data folder and deleting the problem-causing Properties extension, but the malware seems to reinstall anyway.

Some say that security extensions like MalwareBytes and adblockers are also disabled by the virus. You can see in the image below how the Google Chrome Properties extension malware looks like.

Google-Chrome-Properties-extension-malware
Click/tap to enlarge image (Source)

In the past few days my google chrome has closed and reopened and in doing so it added a random properties extension to it and changed the search engines to Bing. Once I open chrome I only have a few short seconds before rebooting to go to the extensions tab before it completely stops me from opening it. Along with this it seems to create a file in my Appdata>Local folder named Chrome_settings its contents being a Javascript file named background, a JSON file named manifest and a PNG file named properties.
(Source)

So yesterday I got a random virus, I didn’t click on any above links or anything and while researching this virus I found that a few people also got this virus from course of the last days. The virus only affects my Chrome browser that I know of and basically all it does is redirect my searches to Bing and also randomly restarts my Chrome browser very often. This rendered my chrome basically unusable. I found the virus is a chrome extension called Properties and has a folder called “chrome_pref” in my appdata>local.
(Source)

Luckily, we found a few workarounds that might help those infected with the Chrome Properties extension malware.

The first workaround requires users to download and install ProcessHacker, software similar to Windows Task Manager.

After opening ProcessHacker, try force terminating the Chrome tabs tree and relaunch the browser, remove the “Properties” extension and delete related files from the local app data folder.

I use an interesting piece of software called “Processhacker” which I am not promoting or suggesting you use (wink). Its basically crack task manager. If you have active malware properties, you will find a bunch of chrome tabs in a tree with CMD and Powershell. Finish the whole tree and relaunch chrome, the properties extension will disappear temporarily, from there open your files
Navigate to C:Users[UserName]AppDataLocal
find a folder in their called “Bloom” Nuke that. there may be other folders in your local appdata called things like “Chrome_tools” Nuke em too.
(Source)

Another user suggested deleting the Chrome_pref file and creating a text file and replacing the file and extension with the same name.

Google-Chrome-Properties-extension-malware-workaround
Source

Although the second workaround will not completely remove the virus, it will prevent the malware from reinstalling the extension for now.

We hope the above-mentioned workarounds helped you to remove the Chrome Properties extension malware or limit its severity.

As always, we’ll update this space as we come across more information, so be sure to stay tuned to PiunikaWeb.

Note: We have more such stories in our Google Section so be sure to follow them too.

PiunikaWeb began as an investigative tech journalism website with a primary focus on “breakthrough” or “exclusive” news. In no time, our stories were picked up by Forbes, Foxnews, Gizmodo, TechCrunch, Engadget, The Verge, Macrumors and many more. Would you like to know more about us? Head here.

Leave a Comment