Researchers Warn of Persistent Malware Using Fake Downloads to Hijack Chrome Browsers

Security researchers at ReasonLabs are warning about an ongoing malware campaign that force-installs malicious browser extensions.

The campaign targets Google Chrome and Microsoft Edge, and close to 300k users have been affected so far. The malware modifies the browser executables, which lets it hijack the homepage and take control of browsing history.

None of the installers or extensions are detected by antivirus products, and they can steal data and execute commands on compromised devices. Security experts note that the threat actors behind the campaign rely on a wide range of malvertising themes to get their installers onto victims' systems.

The infection begins when victims download software installers from fake websites promoted through malvertising on Google Search. The campaigns use lures such as VLC, Dolphin, KeePass, YouTube, TikTok Video, and Roblox to trap the victim.

According to the study, the downloaded installers evade every AV engine on VirusTotal. The promised software is never delivered; instead, the installers fetch payloads from remote servers and execute them on the victim's PC.

From there, the threat actors push additional malware or download further payloads. The malware has been installing browser extensions that hijack searches, change the homepage, and redirect search traffic through servers controlled by the threat actors so that browsing history can be stolen.

ReasonLabs has listed all the malicious extensions found so far in its report, and there are plenty of them. Through these extensions, the actors hijack users' search queries and redirect them to malicious results or ad pages to generate more revenue.

The extensions also harvest sensitive credentials, browsing history, and other private information. They can monitor a user's online activity and execute commands received from the C2 server.

Throughout, the extensions are hidden from view, which makes removing them even harder. The malware also uses several methods to stay persistent on a machine, so a complete removal may require uninstalling the browser and downloading it again.

The danger lies in the fact that so many people rely on Chrome's automated update process and never check anything manually, which lets the infection stay hidden for a long time.

So how can the infection be removed? Victims need to go through a multi-step process to delete every malicious component. First, open the Task Scheduler, look for anything suspicious, and remove those scheduled tasks.

Next, remove the malicious registry entries, which contain the links used by the malware; navigate to the entry carrying the extension's name and delete it. Lastly, use an AV tool to delete the malware files, and check the Windows system directories to remove the malware's entry there.
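As an added triage aid for the removal steps above (this script is not from the article or the ReasonLabs report), the PowerShell audit below reports the three places those steps point at: scheduled tasks whose action runs from a user-writable path, the Chrome and Edge force-install extension policy values, and the extension folders in the default browser profile. The ExtensionInstallForcelist registry paths are the documented Chrome/Edge policy locations rather than keys named in the article, and checking only the "Default" profile folder is an assumption; the script deletes nothing.

```powershell
# Added audit script (not from the article). Run from an elevated PowerShell prompt;
# it only reports likely persistence points so they can be reviewed before removal.

# 1. Scheduled tasks whose action runs from a user-writable location
#    (legitimate software normally lives under Program Files or Windows).
$suspectTasks = Get-ScheduledTask | Where-Object {
    $_.Actions | Where-Object {
        $_.Execute -and ($_.Execute -match '\\(Users|ProgramData|Temp)\\')
    }
}
"== Scheduled tasks running from user-writable paths =="
$suspectTasks | ForEach-Object {
    $exe = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    "{0}{1} -> {2}" -f $_.TaskPath, $_.TaskName, $exe
}

# 2. Force-installed extension policies. These are the documented Chrome/Edge policy
#    keys; a home PC normally has none. Each value is "<extension id>;<update url>",
#    so an update URL outside the official stores is the thing to look at.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist'
)
"== Force-installed extension policy entries =="
foreach ($key in $policyKeys) {
    if (Test-Path $key) {
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |   # skip provider metadata
            ForEach-Object {
                $id, $url = $_.Value -split ';', 2
                $flag = if ($url -match 'clients2\.google\.com|edge\.microsoft\.com') { '' }
                        else { '  <-- update URL is not an official store' }
                "{0}: {1}  {2}{3}" -f $key, $id, $url, $flag
            }
    }
}

# 3. Extension folders in the default profile (assumption: profile named "Default"),
#    so hidden extensions can be matched against the policy IDs listed above.
"== Installed extension folders =="
$profileRoots = @(
    "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions",
    "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Extensions"
)
foreach ($root in $profileRoots) {
    if (Test-Path $root) {
        Get-ChildItem -Path $root -Directory | ForEach-Object { "{0}: {1}" -f $root, $_.Name }
    }
}
```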

Once the cleanup is done, reinstalling the browsers is not strictly required, but it is recommended, as it reverts any changes the malware made to the browser. Last but not least, exercise extreme caution when downloading software: verify that the source is the original developer and avoid downloading from unknown sites.

Image: DIW-Aigen
