The spam message has the headline "A NEW Google Chrome Extension". The text includes a link that redirects to a fake version of the Google Chrome Extensions page.
Rather than delivering the promised extension, the malicious page sends a program that modifies Windows' Hosts file to redirect Google and Yahoo searches to a fake site that downloads other malware.
An important clue is that the Trojan has the .exe filetype rather than .crx (Chrome Extension).
BitDefender officials say the company's free online scanner can detect existing infections.