New Widespread Extension Trojan Malware Campaign

Aug. 7, 2024, 9:06 a.m.

Description

This report discusses a widespread polymorphic malware campaign that forcefully installs malicious browser extensions on endpoints. The malware, originating from imitations of download websites, delivers various malicious payloads, including adware extensions, data stealing scripts, and commands to execute. It hijacks searches, redirects traffic, and has affected over 300,000 users across Google Chrome and Microsoft Edge. The malicious actors employ obfuscation techniques, leverage PowerShell scripts, and communicate with command-and-control servers to receive instructions and download additional malicious components.

External References

https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
https://otx.alienvault.com/pulse/66b3316177bd9ddee5c69e13
Tags
trojan
adware
hijacking
2024-08-07
polymorphic
browser
bankshot
extensions

Date

  • Created: Aug. 7, 2024, 8:33 a.m.
  • Published: Aug. 7, 2024, 8:33 a.m.
  • Modified: Aug. 7, 2024, 9:06 a.m.

Attack Patterns

  • Trojan Manuscript
  • Bankshot - S0239
  • adware