Rogue Google Chrome and Microsoft Edge extensions could indicate malware: Report

Attackers are using fake websites disguised as download portals for popular software like Roblox FPS Unlocker, YouTube, VLC media player and Steam to spread rogue Google Chrome and Microsoft Edge extensions.

Updated - August 13, 2024 05:22 pm IST

Published - August 13, 2024 04:30 pm IST


Threat actors are using fake websites disguised as download portals for popular software to distribute rogue extensions for Google Chrome and Microsoft Edge.

The ongoing malware campaign has reportedly affected 300,000 users and utilises a trojan to deploy extensions capable of stealing private user information and executing remote code, according to a report from Hacker News.

Although the trojan malware has existed since 2021, its combination with these extensions has significantly expanded its impact.

Fake websites at the core of the problem

The campaign leverages fake websites that promise easy access to well-known software like Roblox FPS Unlocker, YouTube, VLC media player, Steam, or KeePass to trick users into downloading the trojan.


Once the trojan is installed, it modifies the Windows registry to force the installation of malicious extensions. These extensions can hijack search queries and redirect users through attacker-controlled servers, posing a serious threat to digital security.

Additionally, the trojan can intercept all web requests, send them to a server, and receive commands along with encrypted scripts.
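
A defender can check a Windows machine for the registry change described above. The following PowerShell is an added example, not taken from the report: it assumes the trojan relies on the browsers' documented `ExtensionInstallForcelist` policy keys (the article does not name the keys), and the `$approved` list holds a constructed placeholder ID.

```powershell
# Added example: list extensions that registry policy forces Chrome or Edge to install.
# Assumption: the campaign uses the documented ExtensionInstallForcelist policy;
# the article only says the trojan "modifies the Windows registry".
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist'
)

# Extension IDs your organisation deploys on purpose (constructed placeholder).
$approved = @('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa')

$findings = foreach ($key in $policyKeys) {
    # A missing key simply means no force-install policy is set there.
    if (-not (Test-Path -Path $key)) { continue }

    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        # Each value has the form "<extension id>[;<update URL>]".
        $raw = [string]$item.GetValue($name)
        $id, $updateUrl = $raw -split ';', 2
        $id = $id.Trim()

        [pscustomobject]@{
            PolicyKey   = $key
            ValueName   = $name
            ExtensionId = $id
            UpdateUrl   = $updateUrl
            Approved    = $approved -contains $id
        }
    }
}

# Report only entries that are not on the approved list.
$unapproved = @($findings | Where-Object { -not $_.Approved })
if ($unapproved.Count -eq 0) {
    Write-Output 'No unapproved force-installed extensions found.'
} else {
    $unapproved | Format-Table -AutoSize -Wrap
}
```

On a personal machine that is not managed by an employer or school, any entry under these keys deserves a closer look, since force-install policies are normally set only by administrators.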

This is not the first time such a campaign has been observed in the wild. Earlier, in December 2023, a similar trojan installer was spotted being delivered through torrent files. That trojan installed malicious web extensions masquerading as VPN apps, which were in fact designed to compromise users' security and run a “cashback activity hack.”
