New Widespread Extension Trojan Malware Campaign
Aug. 7, 2024, 9:06 a.m.
Description
This report discusses a widespread polymorphic malware campaign that forcibly installs malicious browser extensions on endpoints. The malware, which originates from imitations of download websites, delivers various malicious payloads, including adware extensions, data-stealing scripts, and commands to execute. It hijacks searches, redirects traffic, and has affected over 300,000 users across Google Chrome and Microsoft Edge. The malicious actors employ obfuscation techniques, leverage PowerShell scripts, and communicate with command-and-control servers to receive instructions and download additional malicious components.
Date
Published: Aug. 7, 2024, 8:33 a.m.
Created: Aug. 7, 2024, 8:33 a.m.
Modified: Aug. 7, 2024, 9:06 a.m.
Attack Patterns
Trojan Manuscript
Bankshot - S0239
adware
T1564.004
T1600.001
T1559.002
T1611
T1564.002
T1592.002
T1583.001
T1569.002
T1564.003
T1564.001
T1562.001