Beware, this browser extension is a paradise for hackers

A new malicious extension allows hackers to control your web browser remotely. Widespread on the web, it is a real boon for hackers.

Named “Cloud9”, this malware acts as a bot: it automatically connects to the internet to communicate with other programs and perform certain tasks in your web browser, making the browser part of a botnet. It is a real little paradise for hackers, and one that clearly does not wait for your permission to take control.

Infecting your browser is child’s play

Zimperium researchers have seen the damage that “Cloud9” can cause. The software takes the form of an extension for Chromium browsers (Google Chrome, Microsoft Edge, Opera, Brave, Vivaldi, etc.). It is not available on official download platforms; instead, it arrives on your machine through malicious websites that serve fake executable files, often disguised as Adobe Flash Player updates.

Malicious Chrome browser extension – © Zimperium

Once there, the malware comes with a variety of surprising and scary features: siphoning cookies, injecting JavaScript code, recording what you type on the keyboard, but also mining cryptocurrencies and performing DDoS attacks using your machine’s resources. A true Swiss army knife for hackers, as Nipun Gupta, researcher at Zimperium, reminds us:

“The extension not only steals the information available during the browser session, but can also install malware on a user’s device and then take control of the entire device.”

Zimperium has identified the malicious actor behind this software: a hacker known as “Keksec”, who failed on his first try. The hacker was “identified” by cross-referencing data from other domains previously identified as being used to deploy malicious software.

Unfortunately, Cloud9 spread like wildfire because it was given away for free or sold cheaply to other, less skilled hackers who could also use it for their own criminal enterprises.

How to protect yourself from these harmful extensions

Zimperium researchers are familiar with this type of software and stress the need to educate users about these threats:

“Users should be educated about the risks associated with browser extensions outside of official download platforms, and companies should consider what security controls they have in place for those dangers.”

Contacted by our colleagues at Bleeping Computer, a Google spokesperson also shared the company’s advice to guard against this type of malware:

“We always recommend that users update to the latest version of Google Chrome to ensure they enjoy the best level of security available.

Users can also stay better protected against malicious executables and websites by enabling Enhanced Protection in Chrome’s privacy and security settings.

Enhanced Protection automatically alerts you to potentially dangerous sites and downloads. It also checks the security of your downloads and warns you if a file is dangerous.”

Enhanced protection in Chrome – © Google

Note that Chrome Enhanced Protection requires sending browsing data to Google. Whether or not you have taken these precautions, we still advise you to clean up the extensions installed in your browser.
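As an added example (not from Zimperium, Google or the original article), one way to start cleaning up installed extensions is to review each extension's manifest.json for a missing Chrome Web Store update URL and for the broad permissions that the capabilities described above depend on. The permission shortlist, the finding labels and the sample manifests are assumptions constructed for illustration, and the location of a profile's Extensions folder varies by browser and operating system.

```python
import json
from pathlib import Path

# Update URL typically carried in the manifest of Chrome Web Store packages.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
# Assumed shortlist: permissions tied to cookie theft and script injection.
RISKY_PERMISSIONS = {"cookies", "webRequest", "scripting", "tabs"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return a list of review findings for one parsed manifest.json."""
    if not isinstance(manifest, dict):
        return ["unreadable-manifest"]
    findings = []
    if manifest.get("update_url") != WEBSTORE_UPDATE_URL:
        findings.append("not-from-web-store")
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    declared = {p for key in ("permissions", "host_permissions")
                for p in manifest.get(key, []) if isinstance(p, str)}
    risky = sorted(declared & RISKY_PERMISSIONS)
    if risky:
        findings.append("risky-permissions:" + ",".join(risky))
    if declared & BROAD_HOSTS:
        findings.append("all-sites-host-access")
    for script in manifest.get("content_scripts", []):
        if set(script.get("matches", [])) & BROAD_HOSTS:
            findings.append("content-script-on-all-sites")
            break
    return findings

def audit_profile(extensions_dir):
    """Audit every <id>/<version>/manifest.json under an Extensions folder."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            manifest = None  # reported as unreadable-manifest
        report[path.parent.parent.name] = audit_manifest(manifest)
    return report

# Constructed sample manifests (not taken from the Cloud9 extension).
SIDELOADED = {"name": "Flash Player", "manifest_version": 2,
              "permissions": ["cookies", "webRequest", "<all_urls>"],
              "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]}
STORE_INSTALLED = {"name": "Notes", "manifest_version": 3,
                   "update_url": WEBSTORE_UPDATE_URL, "permissions": ["storage"]}

if __name__ == "__main__":
    print(audit_manifest(SIDELOADED), audit_manifest(STORE_INSTALLED))
```

A finding is a prompt for manual review, not proof of malice: many legitimate extensions request broad access, and extensions loaded unpacked in developer mode live outside the Extensions folder, so `audit_manifest` can also be pointed at their manifests directly.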

Source: Zimperium