The app is still active at the time of writing and sends collected Attack.Databreach user details to an AOL email address . Discovered today by MalwareHunter , this application goes above and beyond of what other card stealers have attempted , most of which are half-baked efforts , often easy to recognize as malicious applications thanks to their quirky graphics and misaligned designs . This app , named `` Betaling - Google Chrome.exe '' , tries to pass as the Google Chrome browser and does a good job at it . Betaling is n't a perfect Google Chrome , though , as there are a few clues that experienced users can spot . For starters , the malicious app requires users to have installed a minimum version of .NET Framework 4.0 or higher , a requirement the real Google Chrome never had . Second , the app also uses the standard Windows 8/8.1/10 Metro style , even when running on a Windows 7 PC . Third , while Betaling tries to trick Attack.Phishing users into thinking it 's the real Chrome , outside of the lock icon and the address bar , the rest of the Chrome UI is missing , such as the tab bar , the menu , Chrome buttons , and others . Users ca n't resize the window , ca n't minimize it , ca n't make it fullscreen , ca n't drag it , and ca n't enter a new URL . Nevertheless , much less sophisticated malware has been able to infect hundreds or thousands of users in the past , which means Betaling and its UI can be quite effective . Several security researchers who 've taken a look at Betaling were impressed by its carefully crafted design . Non-infosec people thought Betaling was a phishing page loaded Attack.Phishing inside a Chrome browser , and only some time later realized they were n't looking at a Chrome window to begin with . Currently , Betaling 's interface is only available in Dutch , which reveals the malware 's current target . The form displayed inside the fake Chrome window is n't blind to user input like most phishing pages , and some data validation takes place , yielding two sorts of errors . If correct the data is entered , Betaling collects Attack.Databreach all information and sends it to an AOL email address at whatsapp.hack @ aol.com . This email address was discovered when security researchers analyzed the application 's source code . Accessing its inbox , they 've discovered recent logs , including the test data entered during Bleeping Computer 's tests , meaning the app works just fine . Besides recent logs from Betaling , researchers also found logs from an unidentified keylogger . These logs went back as far as January 2016 and included details from victims from all over the world . `` It 's been long since he got any [ keylogger ] logs , '' said a security researcher that goes by the name of Guido , who also analyzed the malware . Guido , who already reported the malware to authorities , says the initial entries for the keylogger logs contained a series of recurring email addresses . Common sense dictates these are the author 's own emails , which he used for testing , during the keylogger 's development and subsequent rollout . These two emails , patrick * * * @ live.nl and patrick * * * * * * * @ gmail.com , are also linked to accounts on the Spokeo social network . Furthermore , Betaling 's PDB file includes a compilation path of `` C : \Users\Patrick\ '' , and the Betaling EXE file is also self-signed by an invalid certificate authority named `` CN = DESKTOP-PC\Patrick '' . Both mentions of the `` Patrick '' name are consistent with the two email addresses found in the keylogger 's first log entries . It 's now up to authorities to investigate and determine if the owner of the two email addresses is behind Betaling or not . Furthermore , Guido told Bleeping Computer that in August 2016 , `` Patrick '' sent an email from the AOL account to ankit * * * * * * @ speedpost.net asking for help with a `` stealer '' that was having several bugs