Watch out for this Google Chrome and Microsoft Edge botnet extension
Cloud9 can steal passwords, credit card data, and run DDoS attacks
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
If you stumble upon a website asking you to download the latest update for theAdobeFlash Player - maybe think twice, as a new campaign to distribute a malicious browser add-on for Chromium-based browsers has been discovered by cybersecurity researchers from Zimperium
The experts warn that the only thing you’ll be downloading is the Cloud9 browser botnet that can do all kinds of nasty things through the Chromiumbrowser.
According to their research, Cloud9 is an add-on that can do various malicious acts, such as stealing online accounts, logging keystrokes, silently loading ads, and using the browser in Distributed Denial of Service (DDoS) attacks. Should it be allowed to do so, the add-on will also abuse various exploits to drop additionalmalwareto the target endpoint, becoming even more dangerous.
Keksec is at it again
“Layer 7 attacks are usually very hard to detect because the TCP connection looks very similar to legitimate requests,” Zimperium explained. “The developer is likely using this botnet to provide a service to perform DDOS.”
The researchers believe a group known as Keksec is behind the latest malware distribution campaign, as it uses the same command & control (C2) servers that were used by Keksec in the past. This wouldn’t be Keksec’s first botnet, as they’ve developed EnemyBot, Tsunamy, Gafgyt, DarkHTTP, DarkIRC, and Necro, already.
With this latest product, they don’t seem to be targeting anyone specific, as the victims are spread all over the world. Another possibility is that Keksec is actually selling or renting the tool to other threat actors, hence the diverse victims list.
Your browser extensions may be secretly hiding a botnet>Your browser extensions may be secretly hiding a botnet>These are the best privacy tools right now
Responding to the findings toBleepingComputer,Googlewarned users to always update their browsers to the latest version and have up-to-date security protections.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“Users can also stay better protected from malicious executables and websites by enabling Enhanced Protection in the privacy and security settings in Chrome,” Google added. “Enhanced Protection automatically warns you about potentially risky sites and downloads and inspects the safety of your downloads and warns you when a file may be dangerous.”
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)
