Saturday , September 21 2024
Malware

New Malware Infect over 300,00 Chrome & Edge Users

infosecbulletin Sunday , August 11 2024 Ransomware

A new malware campaign is currently installing fake Google Chrome and Microsoft Edge extensions through a trojan found on fake websites posing as popular software.

“The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches to more sophisticated malicious scripts that deliver local extensions to steal private data and execute various commands,” the ReasonLabs research team said in an analysis.

Dell to investigate data breach claim after hacker leaks info

By infosecbulletin / Friday , September 20 2024
Dell is investigating claims of a data breach after a threat actor leaked information on over 10,000 employees. "We are...
Read More
Dell to investigate data breach claim after hacker leaks info

ALERT
Hackers Using Supershell Malware Targeting Linux SSH Servers

By infosecbulletin / Friday , September 20 2024
Researchers found an attack targeting poorly secured Linux SSH servers using Supershell, a backdoor written in Go that gives attackers...
Read More
ALERT Hackers Using Supershell Malware Targeting Linux SSH Servers

GitLab Patches Critical Authentication Bypass flaw

By infosecbulletin / Thursday , September 19 2024
GitLab released patches for a critical flaw in Community and Enterprise Editions that could allow authentication bypass. The vulnerability in...
Read More
GitLab Patches Critical Authentication Bypass flaw

Ransomware hit Bangladeshi Globe Pharmaceuticals Ltd

By infosecbulletin / Thursday , September 19 2024
On September 16, 2024, Globe Pharmaceuticals Ltd., a major pharmaceutical company in Bangladesh, was hit by a ransomware attack detected...
Read More
Ransomware hit Bangladeshi Globe Pharmaceuticals Ltd

Joint cybersecurity advisory
Botnet infects 260,000 SOHO routers, IP cameras with malware

By infosecbulletin / Wednesday , September 18 2024
The FBI has alerted that cyber actors have compromised over 260,000 internet-connected devices, mainly routers, to form a large botnet...
Read More
Joint cybersecurity advisory Botnet infects 260,000 SOHO routers, IP cameras with malware

Chrome 129 Released Fix with multiple Security Flaws

By infosecbulletin / Wednesday , September 18 2024
Google has released Chrome 129 for Windows, Mac, and Linux users. The update will be available gradually over the next...
Read More
Chrome 129 Released Fix with multiple Security Flaws

Broadcom fixed RCE bug in VMware vCenter Server

By infosecbulletin / Wednesday , September 18 2024
Broadcom has fixed a serious VMware vCenter Server vulnerability that allows attackers to execute remote code on unpatched servers through...
Read More
Broadcom fixed RCE bug in VMware vCenter Server

Cybercriminal now misuse Microsoft Azure tool to steal data

By infosecbulletin / Wednesday , September 18 2024
Ransomware groups like BianLian and Rhysida use Microsoft's Azure Storage Explorer and AzCopy to steal data from hacked networks and...
Read More
Cybercriminal now misuse Microsoft Azure tool to steal data

Apple warns users to install iOS 18 to Fix 33 iPhone Vulnerabilities

By infosecbulletin / Tuesday , September 17 2024
Apple has released iOS 18, the latest update for iPhones and iPads. Along with new features, it mainly focuses on...
Read More
Apple warns users to install iOS 18 to Fix 33 iPhone Vulnerabilities

CISA adds windows and whatsUp Gold vuls to its KEV

By infosecbulletin / Tuesday , September 17 2024
CISA has warned Microsoft Windows MSHTML Platform Spoofing Vulnerability and Progress WhatsUp Gold SQL Injection Vulnerability actively exploited security flaws,...
Read More
CISA adds windows and whatsUp Gold vuls to its KEV

“This trojan malware, existing since 2021, originates from imitations of download websites with add-ons to online games and videos.”

The malware and extensions have affected over 300,000 users of Google Chrome and Microsoft Edge, showing a widespread impact.
The campaign uses malvertising to promote fake websites that trick users into downloading a trojan, which then installs browser extensions. These fake websites mimic known software like Roblox FPS Unlocker, YouTube, VLC media player, Steam, and KeePass.

The malicious installers, which are digitally signed, create a scheduled task. This task runs a PowerShell script that downloads and executes a payload from a remote server.

To hijack search queries on Google and Microsoft Bing, extensions from Chrome Web Store and Microsoft Edge Add-ons can be installed by modifying the Windows Registry. These extensions will then redirect the search queries through attacker-controlled servers.

“The extension cannot be disabled by the user, even with Developer Mode ‘ON,'” ReasonLabs said. “Newer versions of the script remove browser updates.”

It additionally activates a locally downloaded extension from a command-and-control (C2) server, which possesses advanced functions to intercept web requests, forward them to the server, receive encrypted commands and scripts, and inject/load scripts on all pages.

On top of that, it hijacks search queries from Ask.com, Bing, and Google, and funnels them through its servers and then on to other search engines.

 

Check Also

coding

EXCLUSIVE
Analysis of 3 Ransomware Threats Active Right Now

Three emerging threats will be discussed below, along with how sandbox analysis can be utilized …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin