This malicious plugin can potentially utilise your computer to launch DDoS assaults while stealing credentials.
In Google Chrome, Microsoft Edge, and other Chromium-based online browsers, browser extensions can offer new functionality to help you accomplish more, but they can also be used to hijack your PC or even infect it with malware.
Security researchers at Zimperium have uncovered a new botnet called Cloud9, according to BleepingComputer (opens in new tab). The botnet logs keystrokes steals passwords, injects advertisements, and infects susceptible PCs with malware via malicious extensions. It is even possible to start DDoS attacks against websites in order to seize control of them by flooding them with traffic using browsers that have this malicious extension installed.
Once added to Chrome or Edge, the Cloud9 browser extension functions similarly to a remote access trojan (RAT), allowing hackers to remotely execute commands in a victim’s browser.
In Google Chrome, Microsoft Edge, and other Chromium-based online browsers, browser extensions can offer new functionality to help you accomplish more, but they can also be used to hijack your PC or even infect it with malware.
Security researchers at Zimperium have uncovered a new botnet called Cloud9, according to BleepingComputer (opens in new tab). The botnet logs keystrokes steals passwords, injects advertisements, and infects susceptible PCs with malware via malicious extensions. It is even possible to start DDoS attacks against websites in order to seize control of them by flooding them with traffic using browsers that have this malicious extension installed.
Once added to Chrome or Edge, the Cloud9 browser extension functions similarly to a remote access trojan (RAT), allowing hackers to remotely execute commands in a victim’s browser.
Spread via phoney software and Flash Player updates
Contrary to the top Google Chrome extensions, you won’t find Cloud9 in the Chrome Web Store since Google’s security team would quickly identify and remove this malicious plugin. Instead, hackers are tricking people into installing it themselves using some of their most popular strategies.
The most typical methods of dissemination for Cloud 9, according to Zimperium, are “fake executables and malicious websites posing as Adobe Flash Player updates,” according to a blog post (opens in new tab) summarising the findings of its security experts.
Fake Adobe Flash Player updates aren’t nearly as common among hackers as they once were, despite the fact that these fake executables are probably pirated software that potential victims download in order to avoid paying for legitimate versions. This is due to the fact that in January 2021, Adobe formally discontinued support for its once-ubiquitous Flash Player. When these bogus upgrades first started appearing, the makers of Photoshop and some of the top other picture editing tools advised users to delete Flash Player from their devices.
False websites continue to use Adobe Flash Player updates, despite the fact that the product has been retired, to deceive unwary users into installing malware, in this case a harmful extension.
Using flaws to let malware attack Windows devices
After being installed in Chrome or Edge, Cloud9 makes use of three JavaScript files to gather data about the system, generate cryptocurrency on an infected PC, and launch DDoS assaults.
By using known flaws in Edge and even Internet Explorer, this malicious extension can also infect your machine with malware. Once malware has been installed, the hackers who are behind it can log keystrokes to steal passwords input on your computer. This is possible on systems running Cloud9. The extension does, however, also include a “clipper” module that checks the clipboard on your computer for copied passwords or credit card numbers.
Even more, Cloud9 can insert advertisements by loading websites in the background, which brings in advertising money for the app’s developers. If you discover that your PC is operating slower than usual after installing this malicious extension, it may be a hint that DDoS assaults are being launched from it.
Researchers at Zimperium have also noted that Cloud9 is receiving a lot of attention on hacking sites. Similar to malware-as-a-service, this harmful extension can be purchased and utilised by additional hackers to conduct their own assaults.
How to protect yourself from harmful browser extensions
Making sure you only download new extensions from the Chrome Web Shop for Google Chrome or the Microsoft Edge Add-ons store for Microsoft Edge is the simplest approach to avoid fraudulent extensions. However, malicious extensions occasionally manage to elude detection by Google and Microsoft. For this reason, you should probably install one of the top antivirus protection programmes on your computer.
Before installing an extension, you should always consider whether you actually need it, just like when downloading apps for your smartphone. There’s a considerable chance that something is malicious if it appears too good to be true or if it promises to provide you access to a paid service for free. You should be cautious while installing any new extension because hackers and other cybercriminals frequently create false extensions as a way to infiltrate your PC.
A Google representative advised installing the most recent Chrome version on your devices because it will have “the most up-to-date security measures” in a statement to BleepingComputer. The same is true for Chrome-based browsers like Opera, Vivaldi, and Brave as well as Microsoft Edge.
