Rogue Google Chrome and Microsoft Edge extensions could indicate malware: Report
Threat actors are using fake websites disguised as download portals for popular software to distribute rogue extensions for Google Chrome and Microsoft Edge.
The ongoing malware campaign has reportedly affected 300,000 users and utilises a trojan to deploy extensions capable of stealing private user information and executing remote code, according to a report from Hacker News.
Although the trojan malware has existed since 2021, its combination with these extensions has significantly expanded its impact.
Fake websites at the core of the problem
The campaign leverages fake websites that promise easy access to well-known software like Roblox FPS Unlocker, YouTube, VLC media player, Steam, or KeePass to trick users into downloading the trojan.
Once the trojan is installed, it modifies the Windows registry to force the installation of malicious extensions. These extensions can hijack search queries and redirect users through attacker-controlled servers, posing a serious threat to digital security.
Additionally, the trojan can intercept all web requests, send them to a server, and receive commands along with encrypted scripts.
This is not the first time such a campaign has been observed in the wild. Earlier, in December 2023, a similar trojan installer was spotted being delivered through torrent files. That trojan installed malicious web extensions masquerading as VPN apps, which were in fact designed to compromise users' security and run a “cashback activity hack.”