Google’s browser, Chrome, and Chromium-based browsers such as Edge, are exposed to a malicious extension belonging to a botnet called “Cloud9.” Through this extension, the attackers steal online accounts, log keystrokes, inject ads and malicious JavaScript code, and enlist the victim’s browser in DDoS attacks. The details follow below.
How does “Cloud9” manage to infect Chrome with malicious extensions?
The answer is simple: the extension is nothing more than a remote access Trojan (RAT), which lets the attacker send commands to the infected browser from a server under their control. One detail that should alert users is that the extension is not found in the official Chrome Web Store; instead, it circulates through external channels, such as sites that display fake Adobe Flash Player updates.
The attackers behind Cloud9 are suspected of having ties to the Keksec malware group, as domains used in these attacks have previously been associated with Keksec. That group is also known for operating botnets such as EnemyBot, Tsunami, Gafgyt, DarkHTTP, DarkIRC, and Necro.
There is also a strong suspicion on Zimperium’s part that the group is selling or renting “Cloud9” to other hackers. For its part, Google recommends keeping the Chrome browser updated and enabling Enhanced Protection in its settings. This feature warns the user about dangerous sites and downloads, and thoroughly reviews any download to verify its authenticity.
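The two practical takeaways above, that the Cloud9 extension is never delivered through the official Chrome Web Store and that Enhanced Protection should be switched on, can both be checked from a Chrome profile. The script below is an added example written for this post; it is not code from the original article, from Zimperium or from Google. It parses the profile's Preferences JSON and flags any extension whose metadata says it was sideloaded, then reports whether Enhanced Protection is enabled. It assumes the Chromium preference keys `extensions.settings.<id>.from_webstore`, `.location`, `.manifest.update_url` and `safebrowsing.enhanced`, and the `Manifest::Location` codes from Chromium's `extensions/common/manifest.h` (1 = INTERNAL, 4 = UNPACKED, 5 = COMPONENT, 8 = COMMAND_LINE); on recent Chrome builds the extension settings may live in the `Secure Preferences` file in the same directory. The sample profile embedded at the bottom is constructed for the demonstration.

```python
"""Audit a Chrome/Chromium profile for sideloaded extensions and Enhanced Protection.

Added example (not from the original post). Assumed Chromium preference layout:
  extensions.settings.<id>.{from_webstore, location, manifest}
  safebrowsing.enhanced
"""
from __future__ import annotations

import json
import sys
from dataclasses import dataclass, field
from pathlib import Path

# Update endpoint that Web Store extensions carry in their manifest.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

# Chromium Manifest::Location codes (assumed from extensions/common/manifest.h).
LOCATION_NAMES = {
    1: "INTERNAL",                 # installed by the user, normally from the Web Store
    2: "EXTERNAL_PREF",            # registered through an external preferences file
    3: "EXTERNAL_REGISTRY",        # registered through the Windows registry
    4: "UNPACKED",                 # "Load unpacked" in developer mode
    5: "COMPONENT",                # ships with the browser
    6: "EXTERNAL_PREF_DOWNLOAD",
    7: "EXTERNAL_POLICY_DOWNLOAD",
    8: "COMMAND_LINE",             # --load-extension
    9: "EXTERNAL_POLICY",
    10: "EXTERNAL_COMPONENT",
}
# Built-in component extensions are part of the browser and are not examined.
TRUSTED_LOCATIONS = {5, 10}


@dataclass
class Finding:
    ext_id: str
    name: str
    reasons: list[str] = field(default_factory=list)


def audit_preferences(prefs: dict) -> tuple[list[Finding], bool]:
    """Return (extensions that look sideloaded, Enhanced Protection enabled?)."""
    settings = prefs.get("extensions", {}).get("settings", {})
    findings: list[Finding] = []
    for ext_id, entry in settings.items():
        location = entry.get("location")
        if location in TRUSTED_LOCATIONS:
            continue
        manifest = entry.get("manifest", {})
        reasons = []
        if not entry.get("from_webstore", False):
            reasons.append("not installed from the Chrome Web Store")
        if manifest.get("update_url") != WEBSTORE_UPDATE_URL:
            reasons.append("update_url is not the Web Store update endpoint")
        if location in (4, 8):
            reasons.append(f"loaded as {LOCATION_NAMES[location]} (developer-mode sideload)")
        if reasons:
            findings.append(Finding(ext_id, manifest.get("name", "<unknown>"), reasons))
    enhanced = bool(prefs.get("safebrowsing", {}).get("enhanced", False))
    return findings, enhanced


def load_preferences(path: Path) -> dict:
    """Load a Chrome 'Preferences' or 'Secure Preferences' JSON file."""
    with path.open(encoding="utf-8") as fh:
        return json.load(fh)


def report(prefs: dict) -> None:
    findings, enhanced = audit_preferences(prefs)
    print("Enhanced Protection:", "enabled" if enhanced else "NOT enabled")
    for f in findings:
        print(f"[!] {f.ext_id} ({f.name})")
        for reason in f.reasons:
            print(f"    - {reason}")
    if not findings:
        print("No sideloaded extensions found.")


# Constructed sample profile: one Web Store extension, one developer-mode
# sideload without a Web Store update URL, and one built-in component extension.
SAMPLE_PREFS = {
    "safebrowsing": {"enabled": True, "enhanced": False},
    "extensions": {"settings": {
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
            "from_webstore": True, "location": 1,
            "manifest": {"name": "Store Extension", "version": "1.0",
                         "update_url": WEBSTORE_UPDATE_URL}},
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
            "from_webstore": False, "location": 4,
            "manifest": {"name": "Video Helper", "version": "3.0",
                         "permissions": ["tabs", "<all_urls>", "webRequest"]}},
        "cccccccccccccccccccccccccccccccc": {
            "location": 5, "manifest": {"name": "Component"}},
    }},
}

if __name__ == "__main__":
    # Usage: python audit_chrome_profile.py "<profile dir>/Preferences"
    report(load_preferences(Path(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PREFS)
```

Run it against the profile's `Preferences` (or `Secure Preferences`) file to list every extension that did not arrive through the Web Store; an extension that appears there and that the user does not remember installing deliberately is the kind of artifact the post describes. The `safebrowsing.enhanced` check only reports the current state; in a managed fleet the equivalent setting is enforced centrally rather than left to the user.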
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Photo by Krsto Jevtic on Unsplash.