Users complain that key browser settings are being changed without their knowledge.
The ReasonLabs research team has identified a new large-scale campaign that distributes a Trojan through browser extensions. This campaign has been active since 2021 and is aimed at users of Google Chrome and Microsoft Edge. The malware disguises itself as popular apps and games and is distributed through fake websites that mimic resources such as Roblox and YouTube.
The initial infection starts by downloading a malicious file that runs a PowerShell script. This script loads additional components and installs extensions that are hidden from the user. Extensions steal data, redirect search queries through malicious servers, and even block browser updates.
At the same time, users complain en masse about the inability to remove some of these extensions, which change the settings of their browsers, steal search queries and download additional malicious components. Extensions under different names continue to appear, despite the removal of some of them from the extension stores.
ReasonLabs experts emphasize the importance of downloading programs only from official sites and using antivirus software to check downloaded files. Users should be vigilant and avoid downloading programs from untrusted sources.
Google and Microsoft have already been notified of the issue and are taking steps to remove malicious extensions from their stores. However, attackers continue to update their scripts to avoid detection by antivirus programs and continue malicious activity.
To prevent malicious extensions from being installed, we recommend that you regularly update your antivirus software and be careful when downloading programs from the Internet. It is important to check site reviews and ratings before downloading any files from them. This will help protect your devices from such threats and keep your personal data safe.
Source