Online piracy is a topic we’ve covered a lot in the past as it remains an increasing problem for companies, artists, and unsuspecting users - one study conducted recently
found that the number of visits to piracy sites in 2022 grew by more than 20% compared to 2021. Online piracy also continues to be utilized by cyber attackers who leverage it to distribute
malware to users.
ReasonLabs researchers have discovered numerous
malicious web extensions that are being delivered to users through a
Trojan installer. The installer is hidden in thousands of torrent files claiming to be prominent video games such as
Grand Theft Auto (GTA), Assassins Creed, and more. Our
RAV EDR product flagged suspicious activities on a large number of users, which led to an investigation whereby we uncovered the widespread malware campaigns.
The malicious installers we identified forcibly install one of at least three different malicious web extensions for Google Chrome or Edge, claiming to be
Virtual Private Networks (VPN). Google has removed all of the malicious extensions identified in this blog from the Chrome Web Store. The most prominent extension is called
netPlus and had over 1 million users, while the other two extensions,
netSave and
netWin, had nearly 500K combined installations.