New Alert Issued For Malicious Extension On The Chrome Browser That Steals Online Accounts And More

A new malicious extension for the Chrome browser has been identified by security analysts and researchers.

The botnet has been dubbed ‘Cloud9’, and it has been shown to carry out a range of activities designed to harm users: stealing their online accounts, injecting ads, and even enlisting the user’s browser in DDoS attacks.

The malicious extension is described as a remote access trojan for Chromium-based browsers, including Google Chrome and Microsoft Edge, that lets threat actors execute commands on the victim’s browser remotely.

This extension is not present on the official Chrome Web Store; experts revealed that it is instead being circulated through alternative channels, such as websites pushing fake Adobe Flash Player updates.
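Because Cloud9 is delivered outside the Chrome Web Store, one quick triage step for a defender is to list a profile’s installed extensions and flag any whose manifest does not carry the Web Store update URL. The script below is an added example written for this page, not tooling from the researchers; it assumes the standard `<profile>/Extensions/<id>/<version>/manifest.json` layout and builds its own constructed sample tree rather than touching a real profile.

```python
import json
import tempfile
from pathlib import Path

# Extensions installed from the Chrome Web Store carry this update_url in
# their manifest.json; sideloaded or developer-mode loads normally do not.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"


def scan_extensions(extensions_dir):
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and describe each
    extension, flagging any not sourced from the Web Store. Windows default
    location: %LOCALAPPDATA%/Google/Chrome/User Data/Default/Extensions"""
    findings = []
    root = Path(extensions_dir)
    if not root.is_dir():
        return findings
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        for ver_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            manifest = ver_dir / "manifest.json"
            if not manifest.is_file():
                continue
            try:
                data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError):
                continue  # unreadable or malformed manifest: skip it
            findings.append({
                "id": ext_dir.name,
                "version": data.get("version", ver_dir.name),
                "name": data.get("name", "?"),
                "permissions": data.get("permissions", []),
                "sideloaded": data.get("update_url") != WEBSTORE_UPDATE_URL,
            })
    return findings


def build_sample_profile():
    """Create a constructed Extensions tree with two sample manifests (test
    data only, not a real profile and not a real Cloud9 artifact)."""
    base = Path(tempfile.mkdtemp()) / "Extensions"
    samples = {  # IDs are made-up 32-letter strings in Chrome's a-p alphabet
        "abcdefghijklmnopabcdefghijklmnop": {"name": "Store Extension", "version": "1.0",
            "update_url": WEBSTORE_UPDATE_URL, "permissions": ["storage"]},
        "pabcdefghijklmnoabcdefghijklmnop": {"name": "Flash Player Update", "version": "2.1",
            "permissions": ["cookies", "<all_urls>"]},  # no update_url: sideloaded
    }
    for ext_id, manifest in samples.items():
        ver_dir = base / ext_id / f"{manifest['version']}_0"
        ver_dir.mkdir(parents=True)
        (ver_dir / "manifest.json").write_text(json.dumps(manifest))
    return base
```

Run `scan_extensions(build_sample_profile())` to see the constructed sample flagged, or point `scan_extensions` at a real profile’s Extensions directory; a sideloaded entry requesting `cookies` and `<all_urls>` is exactly the shape an analyst should look at first.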

So far, experts say the method is proving effective: as a Zimperium researcher noted recently, Cloud9 infections have been spotted on systems around the world.

As for how it works, the malicious extension turns Chromium browsers into a platform for malicious functions and other capabilities. It consists of three JavaScript files that collect data, mine cryptocurrency using the host’s resources, and carry out DDoS attacks. In the end, the browser is also made to load exploit content.

Those exploits can install and run Windows malware, allowing attackers to carry out broader system compromises. Even without the malware component, the Cloud9 extension can steal cookies from the compromised browser, which lets threat actors hijack user accounts or take over their sessions.

As if that were not enough, the malware also includes a keylogger that captures passwords and other sensitive user details. The extension further includes a clipper module that watches for credit card information and user passwords so they can be harvested.

It also earns revenue for its operators by injecting ads in various places. The extension can additionally perform layer 7 DDoS attacks against a target domain without the victim noticing, since the traffic is generated through the botnet.

The hackers behind this extension have been linked to another malware group, Keksec, because all of the C2 domains used in the campaign were also observed in past Keksec attacks. That group is known for creating and running botnet projects such as Tsunami, Necro, and DarkIRC.

Experts say Cloud9 victims are located around the world, and recent screenshots posted by threat actors on several forums show that they are putting a range of browsers at risk.

In addition, security researchers note that Cloud9 is being marketed on various cybercrime forums, which suggests Keksec is keen to sell it to other operators.
