Gandalf_The_Grey
Level 81
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 7,084
An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browser's executables to hijack homepages and steal browsing history.
The installer and extensions, which are usually undetected by antivirus tools, are designed to steal data and execute commands on infected devices.
The campaign was discovered by researchers at ReasonLabs who warn that the threat actors behind it employ diverse malvertising themes to achieve initial infection.
ReasonLabs says the infection starts with the victims downloading software installers from fake sites promoted by malvertising in Google search results.
This malware campaign uses baits such as a Roblox FPS Unlocker, TikTok Video Downloader, YouTube downloader, VLC video player, Dolphin Emulator, and KeePass password manager.
The downloaded installers are digitally signed by 'Tommy Tech LTD' and successfully evade detection by all AV engines on VirusTotal at the time of its analysis by ReasonLabs.
Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs
An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browser's executables to hijack homepages and steal browsing history.
www.bleepingcomputer.com