Friday, March 29

Chrome extension lets hackers take over your PC | Digital Trends Spanish


Malicious Google Chrome extensions are being used by hackers to remotely steal sensitive information.

According to a report by Bleeping Computer, a new Chrome browser botnet called ‘Cloud9’ is also capable of logging keystrokes, as well as distributing advertisements and malicious code.


The browser botnet works as a Remote Access Trojan (RAT) for Chromium-based web browsers, which include Chrome and Microsoft Edge. As such, not only can login credentials be accessed; hackers can also launch Distributed Denial of Service (DDoS) attacks.

The Chrome extension in question is naturally not available through Google’s official Chrome Web Store, so you might be wondering how victims are attacked. Instead, existing websites are used to spread the infection via fake Adobe Flash Player update notifications.

Zimperium security researchers have confirmed that Cloud9 infections have been detected in multiple regions of the world.

The foundation of Cloud9 is three core JavaScript files that can collect information from the target system and mine cryptocurrency on that same PC, as well as inject scripts that launch browser exploits.

Multiple vulnerabilities are being exploited, Zimperium notes, including CVE-2019-11708 and CVE-2019-9810 in Firefox, CVE-2014-6332 and CVE-2016-0189 for Internet Explorer, and CVE-2016-7200 for Microsoft Edge.

Although those vulnerabilities are commonly used to install Windows malware, the Cloud9 extension can also steal cookies from the browser, allowing hackers to take over valid user sessions.

Additionally, the malware comes bundled with a keylogger, software that can essentially send all of your keystrokes to the attackers. A “clipper” module was also discovered in the extension, which gives the attackers access to passwords or credit card numbers copied to the clipboard.

“Layer 7 attacks are often very difficult to detect because the TCP connection closely resembles legitimate requests,” Zimperium said. “It is likely that the developer is using this botnet to provide a service to perform DDOS.”

Another way the threat actors behind Cloud9 generate additional illicit revenue is by injecting advertisements and then loading those web pages in the background to rack up ad impressions.

With Cloud9 being seen on cybercrime forums, the operators could be selling their malicious extension to interested parties. With this in mind, always be wary of installing anything in your browser from an unofficial source, and enable two-factor authentication whenever possible.
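The advice above (and the earlier point that Cloud9 is not distributed through the Chrome Web Store) can be turned into a quick local check. The script below is an added example, not code from the article, Zimperium or Bleeping Computer. It assumes the Chromium profile layout `<profile>/Extensions/<id>/<version>/manifest.json` and that store-installed extensions carry the store’s `update_url` in that manifest; it flags extensions that lack a known store update URL (sideloaded) or that request the kinds of permissions the article describes, such as cookie access and all-sites host access. The sample manifests at the bottom are constructed for the stand-alone run.

```python
"""Triage installed Chromium extensions for sideloaded or high-risk ones.

Added example (not from the article, Zimperium or Bleeping Computer).
Assumptions: Chrome/Edge profiles keep each extension under
<profile>/Extensions/<id>/<version>/manifest.json, and store-installed
extensions carry the store's update_url in that manifest.
"""
import json
from pathlib import Path

# update_url values written into manifests of store-distributed extensions
STORE_UPDATE_URLS = {
    "https://clients2.google.com/service/update2/crx",          # Chrome Web Store
    "https://edge.microsoft.com/extensionwebstorebase/v1/crx",  # Edge Add-ons
}

# Permissions matching the capabilities the article attributes to Cloud9
# (cookie theft, session takeover, traffic manipulation across all sites).
RISKY_PERMISSIONS = {"cookies", "webRequest", "webRequestBlocking", "tabs", "<all_urls>"}


def triage_manifest(manifest):
    """Return a list of findings for one extension manifest (empty list = nothing notable)."""
    findings = []
    update_url = manifest.get("update_url")
    if update_url not in STORE_UPDATE_URLS:
        findings.append(f"not installed from a known extension store (update_url={update_url!r})")
    # Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    risky = sorted(perms & RISKY_PERMISSIONS)
    if risky:
        findings.append("requests sensitive permissions: " + ", ".join(risky))
    return findings


def scan_profile(profile_dir):
    """Walk a profile's Extensions folder; return {extension_id: findings} for flagged ones."""
    flagged = {}
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return flagged
    for manifest_path in ext_root.glob("*/*/manifest.json"):
        ext_id = manifest_path.parent.parent.name
        try:
            with open(manifest_path, encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            flagged[ext_id] = ["unreadable manifest"]  # worth a look on its own
            continue
        findings = triage_manifest(manifest)
        if findings:
            flagged[ext_id] = findings
    return flagged


# Constructed sample manifests (hypothetical ids, not real extensions).
SAMPLE_MANIFESTS = {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {  # store-installed, low-permission
        "name": "Sample Store Extension",
        "update_url": "https://clients2.google.com/service/update2/crx",
        "permissions": ["storage"],
    },
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {  # sideloaded, asks for cookies + every site
        "name": "Sample Sideloaded Extension",
        "permissions": ["cookies", "tabs"],
        "host_permissions": ["<all_urls>"],
    },
}


def triage_samples():
    """Run the triage over the constructed samples; returns {id: findings}."""
    return {eid: triage_manifest(m) for eid, m in SAMPLE_MANIFESTS.items()}


if __name__ == "__main__":
    for eid, findings in triage_samples().items():
        status = "FLAG" if findings else "ok"
        print(f"{status:4} {eid}: {'; '.join(findings) or 'no findings'}")
```

To run it against a real profile, call `scan_profile()` with the profile directory, for example `%LOCALAPPDATA%\Google\Chrome\User Data\Default` for Chrome or `%LOCALAPPDATA%\Microsoft\Edge\User Data\Default` for Edge on Windows. A flagged extension is a prompt to look closer, not proof of compromise: developer-mode and enterprise-deployed extensions also lack a store update URL, and many legitimate extensions request broad permissions.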
