Viruses have been detected again in the Google Chrome Store
Classical methods still work well. The only question is, why isn't Google tightening its security policy?
Radware's current security report highlights another wave of viruses, this time affecting more than 100 users. The recipe still follows the classic scheme: malicious code was hidden in browser extensions, which were then downloaded en masse by unsuspecting users. The list of affected extensions looks like this:
- Nigelify
- PwnerLike
- Alt-j
- Fixed-case
- Divinity 2 Original Sin: Wiki Skill Popup
- keeprivate
- iHabno
The attackers pulled victims' computers into the botnet using the method shown below: a fake YouTube page pushed a malicious extension on the visitor on the pretext that it was needed to play the video. The malware did not discriminate between operating systems (Windows, Linux); Radware said it specifically targeted Chrome.
The vicious circle.
The researchers concluded that, in addition to data theft (Facebook, Instagram), cryptomining (Monero, Bytecoin, Electroneum) was the goal. As you can see in the picture above, stolen cookies and various login data were also used to spread the virus.
“Celestial Phenomenon Playing with Earthlings” is a fake YouTube site.
It is worth noting the methods the malicious extensions used to prevent removal.
- The Extensions tab was disabled so users couldn't delete extensions from there.
- They also blocked access to cleanup tools that could have helped fix the problem.
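With the Extensions tab unavailable, the extension names listed above can still be checked against what is installed on disk. The script below is an added example, not code from the article or from Radware; it assumes Chrome's usual profile layout (`Extensions/<id>/<version>/manifest.json`) and takes the profile directory as its argument. Matching on names is only a heuristic, since a republished extension can carry a different name.

```python
import json
import sys
from pathlib import Path

# Extension names exactly as listed in the article, lowercased for matching.
LISTED = {n.lower() for n in (
    "Nigelify", "PwnerLike", "Alt-j", "Fixed-case",
    "Divinity 2 Original Sin: Wiki Skill Popup", "keeprivate", "iHabno")}

def _load(path):
    """Parse a JSON file; return {} if it is missing or malformed."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
        return data if isinstance(data, dict) else {}
    except (OSError, ValueError):
        return {}

def display_name(version_dir):
    """Resolve the extension name, following a __MSG_key__ placeholder."""
    manifest = _load(version_dir / "manifest.json")
    name = manifest.get("name", "")
    if not isinstance(name, str):
        return ""
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()
        locale = str(manifest.get("default_locale", "en"))
        messages = _load(version_dir / "_locales" / locale / "messages.json")
        for k, v in messages.items():  # message keys are case-insensitive
            if k.lower() == key and isinstance(v, dict):
                return str(v.get("message", ""))
        return ""
    return name

def find_listed_extensions(profile_dir):
    """Return sorted (extension_id, version, name) for listed names found."""
    hits = []
    for manifest in Path(profile_dir).glob("Extensions/*/*/manifest.json"):
        version_dir = manifest.parent
        name = display_name(version_dir).strip()
        if name.lower() in LISTED:
            hits.append((version_dir.parent.name, version_dir.name, name))
    return sorted(hits)

if __name__ == "__main__":
    profile = sys.argv[1] if len(sys.argv) > 1 else "."
    for ext_id, version, name in find_listed_extensions(profile):
        print(f"{ext_id}\t{version}\t{name}")
```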
Source: ghacks.net