Wednesday , March 26 2025
Malware

New Malware Infect over 300,00 Chrome & Edge Users

infosecbulletin Sunday , August 11 2024 Ransomware

A new malware campaign is currently installing fake Google Chrome and Microsoft Edge extensions through a trojan found on fake websites posing as popular software.

“The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches to more sophisticated malicious scripts that deliver local extensions to steal private data and execute various commands,” the ReasonLabs research team said in an analysis.

Micropatches released for Windows zero-day leaking NTLM hashes

By infosecbulletin / Wednesday , March 26 2025
Unofficial patches are available for a new Windows zero-day vulnerability that allows remote attackers to steal NTLM credentials by deceiving...
Read More
Micropatches released for Windows zero-day leaking NTLM hashes

VMware Patches Authentication Bypass Flaw in Windows Tool

By infosecbulletin / Wednesday , March 26 2025
On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools for Windows. CVE-2025-22230 allows a...
Read More
VMware Patches Authentication Bypass Flaw in Windows Tool

IngressNightmare
Over 40% of cloud environments are vulnerable to RCE

By infosecbulletin / Tuesday , March 25 2025
Kubernetes users of the Ingress NGINX Controller are advised to fix four newly found remote code execution ( RCE) vulnerabilities,...
Read More
IngressNightmare Over 40% of cloud environments are vulnerable to RCE

(CVE-2025-29927)
Urgently Patch Your Next.js for Authorization Bypass

By infosecbulletin / Tuesday , March 25 2025
Next.js, a widely used React framework for building full-stack web applications, has fixed a serious security vulnerability. Used by many...
Read More
(CVE-2025-29927) Urgently Patch Your Next.js for Authorization Bypass

Oracle refutes breach after hacker claims 6 million data theft

By infosecbulletin / Sunday , March 23 2025
A hacker known as “rose87168” claims to have stolen six million records from Oracle Cloud servers. The stolen data includes...
Read More
Oracle refutes breach after hacker claims 6 million data theft

Russian zero-day seller to offer up to $4 million for Telegram exploits

By infosecbulletin / Saturday , March 22 2025
Operation Zero, a Russian zero-day broker, is offering up to $4 million for Telegram exploits. They seek $500K for one-click...
Read More
Russian zero-day seller to offer up to $4 million for Telegram exploits

Cybercriminals Exploit Checkpoint’s Driver in a BYOVD Attack

By infosecbulletin / Friday , March 21 2025
Threat actors are exploiting a component of CheckPoint's ZoneAlarm antivirus to bypass Windows security measures. Nima Bagheri, a security researcher...
Read More
Cybercriminals Exploit Checkpoint’s Driver in a BYOVD Attack

IBM and Veeam Release Patches in AIX System and Backup

By infosecbulletin / Friday , March 21 2025
IBM has resolved two critical vulnerabilities in its AIX operating system that could allow command execution. The list of shortcomings,...
Read More
IBM and Veeam Release Patches in AIX System and Backup

WhatsApp patched zero-click flaw exploited in spyware attacks

By infosecbulletin / Wednesday , March 19 2025
WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon's Graphite spyware following reports from security researchers at the...
Read More
WhatsApp patched zero-click flaw exploited in spyware attacks

CVE-2025-24472
CISA Warns of Fortinet FortiOS Auth Bypass Vuln Exploited in Wild

By infosecbulletin / Wednesday , March 19 2025
CISA has issued a critical alert about a critical vulnerability in Fortinet’s FortiOS and FortiProxy systems. CVE-2025-24472, an authentication bypass...
Read More
CVE-2025-24472 CISA Warns of Fortinet FortiOS Auth Bypass Vuln Exploited in Wild

“This trojan malware, existing since 2021, originates from imitations of download websites with add-ons to online games and videos.”

The malware and extensions have affected over 300,000 users of Google Chrome and Microsoft Edge, showing a widespread impact.
The campaign uses malvertising to promote fake websites that trick users into downloading a trojan, which then installs browser extensions. These fake websites mimic known software like Roblox FPS Unlocker, YouTube, VLC media player, Steam, and KeePass.

The malicious installers, which are digitally signed, create a scheduled task. This task runs a PowerShell script that downloads and executes a payload from a remote server.

To hijack search queries on Google and Microsoft Bing, extensions from Chrome Web Store and Microsoft Edge Add-ons can be installed by modifying the Windows Registry. These extensions will then redirect the search queries through attacker-controlled servers.

“The extension cannot be disabled by the user, even with Developer Mode ‘ON,'” ReasonLabs said. “Newer versions of the script remove browser updates.”

It additionally activates a locally downloaded extension from a command-and-control (C2) server, which possesses advanced functions to intercept web requests, forward them to the server, receive encrypted commands and scripts, and inject/load scripts on all pages.

On top of that, it hijacks search queries from Ask.com, Bing, and Google, and funnels them through its servers and then on to other search engines.

 

Check Also

Firefox windows

RomCom Exploits Firefox and Windows Zero-Day

According to ESET, Russia linked Ramcom exploit the two zero days of Mozilla FireFox and …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin