Chrome is remotely controlled through malicious extensions

Google’s Chrome, and Chromium-based browsers such as Microsoft Edge, are being hijacked by malicious extensions distributed by a botnet operation called “Cloud9.” Through these extensions the operators steal online account credentials, log keystrokes, inject ads and malicious JavaScript into pages, and enlist the victim’s browser in DDoS attacks. The details follow.


How does “Cloud9” manage to infect Chrome with malicious extensions?

The answer is simple: the extension is in effect a remote access Trojan (RAT) running inside the browser. Once installed, it receives commands from the attacker’s command-and-control server and carries them out in the victim’s browser session. One detail that should alert users is that the extension is not available in the official Chrome Web Store; it circulates through external channels, notably sites that display fake Adobe Flash Player update prompts, so it has to be sideloaded onto the browser rather than installed through Google’s review process.
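Because the page’s point is that Cloud9 never goes through the Web Store, the practical check for a defender is to find extensions that were installed some other way. The following script is an added example (not from the page, from Zimperium, or from Google) that reads a Chromium profile’s extension registry and flags sideloaded, unpacked, or non-Google-updated extensions. It assumes the `extensions.settings` layout of Chromium’s `Preferences` / `Secure Preferences` JSON files and the `ManifestLocation` numeric codes (4 = unpacked, 5 = component, 8 = `--load-extension`, 10 = external component); the candidate profile paths and the sample preferences data are constructed for the demonstration.

```python
"""Triage Chromium extension installs that did not come from the Chrome Web Store.

Added example, not from the page or from Zimperium. Chromium records each
installed extension under ``extensions.settings`` in the profile's
``Preferences`` / ``Secure Preferences`` file. Each entry carries a
``from_webstore`` flag, a numeric ``location`` (ManifestLocation) and a copy
of the manifest, including ``update_url``. Anything sideloaded, unpacked, or
updated from a non-Google URL is worth a closer look.
"""
import json
from pathlib import Path

# Assumed Chromium constants (ManifestLocation in extensions/common/manifest.h).
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
LOCATION_UNPACKED = 4            # "Load unpacked" in Developer mode
LOCATION_COMPONENT = 5           # built into the browser, never from the store
LOCATION_COMMAND_LINE = 8        # loaded with --load-extension
LOCATION_EXTERNAL_COMPONENT = 10
SKIP_LOCATIONS = {LOCATION_COMPONENT, LOCATION_EXTERNAL_COMPONENT}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Assumed default-profile locations; adjust for other profiles or browsers.
CANDIDATE_PREF_FILES = [
    Path.home() / ".config/google-chrome/Default/Secure Preferences",
    Path.home() / ".config/google-chrome/Default/Preferences",
    Path.home() / "Library/Application Support/Google/Chrome/Default/Secure Preferences",
    Path.home() / "AppData/Local/Google/Chrome/User Data/Default/Secure Preferences",
]


def triage_extensions(prefs: dict) -> list[dict]:
    """Return one finding per extension that did not arrive via the Web Store."""
    findings = []
    settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, entry in settings.items():
        loc = entry.get("location")
        if loc in SKIP_LOCATIONS:          # browser-bundled components are expected
            continue
        manifest = entry.get("manifest", {})
        reasons = []
        if not entry.get("from_webstore", False):
            reasons.append("not installed from the Chrome Web Store")
        if loc == LOCATION_UNPACKED:
            reasons.append("loaded unpacked (Developer mode)")
        elif loc == LOCATION_COMMAND_LINE:
            reasons.append("loaded via --load-extension")
        update_url = manifest.get("update_url")
        if update_url and update_url != WEBSTORE_UPDATE_URL:
            reasons.append(f"updates from non-Google URL {update_url}")
        if not reasons:
            continue
        # MV2 lists host patterns under "permissions", MV3 under "host_permissions".
        hosts = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
        findings.append({
            "id": ext_id,
            "name": manifest.get("name", "?"),
            "version": manifest.get("version", "?"),
            "path": entry.get("path", "?"),
            "broad_host_access": bool(hosts & BROAD_HOSTS),
            "reasons": reasons,
        })
    return findings


def load_prefs(path: Path) -> dict:
    with path.open(encoding="utf-8") as fh:
        return json.load(fh)


# Constructed sample registry (not a real profile): one store extension, one
# sideloaded "Flash update" extension, one browser component.
SAMPLE_PREFS = {
    "extensions": {
        "settings": {
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
                "from_webstore": True, "location": 1, "state": 1,
                "path": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/1.2.3_0",
                "manifest": {"name": "Benign Store Extension", "version": "1.2.3",
                             "update_url": WEBSTORE_UPDATE_URL,
                             "permissions": ["storage"]},
            },
            "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
                "from_webstore": False, "location": LOCATION_UNPACKED, "state": 1,
                "path": "C:/Users/victim/AppData/Roaming/FlashUpdate",
                "manifest": {"name": "Adobe Flash Player Update", "version": "1.0",
                             "permissions": ["tabs", "webRequest", "<all_urls>"]},
            },
            "cccccccccccccccccccccccccccccccc": {
                "from_webstore": False, "location": LOCATION_COMPONENT, "state": 1,
                "path": "/builtin",
                "manifest": {"name": "Built-in component", "version": "1.0"},
            },
        }
    }
}

if __name__ == "__main__":
    # Use the first real profile found; fall back to the constructed sample.
    prefs = next((load_prefs(p) for p in CANDIDATE_PREF_FILES if p.exists()), SAMPLE_PREFS)
    for f in triage_extensions(prefs):
        hosts = " (broad host access)" if f["broad_host_access"] else ""
        print(f"{f['id']} {f['name']} v{f['version']}{hosts}: {'; '.join(f['reasons'])}")
        print(f"    path: {f['path']}")
```

Run it on a suspect machine and pair the output with a look at chrome://extensions; a flagged extension with broad host access and a path under the user’s profile or Downloads folder is exactly the kind of sideloaded install the article describes. Policy-pushed extensions (location codes 7 and 9) are also reported, since they bypass the store too and an attacker with admin rights could use that route.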

Zimperium researchers noticed the unusual activity and have been tracking it across many countries at once. As they report, the malicious extension consists of three JavaScript files that collect system information, mine cryptocurrency with the host’s resources, perform DDoS attacks, and inject scripts that run browser exploits against the victim.

The attackers behind Cloud9 are suspected of having ties to the Keksec malware group, since the domains used in these attacks have previously been used by Keksec. That group is known for botnets such as EnemyBot, Tsunami, Gafgyt, DarkHTTP, DarkIRC, and Necro.

Zimperium also strongly suspects that the group is selling or renting “Cloud9” to other criminals. For its part, Google recommends keeping Chrome updated and enabling Enhanced Protection in its settings. That feature warns the user about dangerous sites and downloads and subjects each download to a more thorough check of its authenticity. Users can also open chrome://extensions and remove anything they did not knowingly install from the Web Store.

Keep in touch with our blog to read the latest news and innovations in the cybersecurity world. 


Photo by Krsto Jevtic on Unsplash.
