New Widespread Extension Trojan Malware Campaign

Aug. 7, 2024, 9:06 a.m.

Description

This report discusses a widespread polymorphic malware campaign that forcefully installs malicious browser extensions on endpoints. The malware, originating from imitations of download websites, delivers various malicious payloads, including adware extensions, data-stealing scripts, and commands to execute. It hijacks searches, redirects traffic, and has affected over 300,000 users across Google Chrome and Microsoft Edge. The malicious actors employ obfuscation techniques, leverage PowerShell scripts, and communicate with command-and-control servers to receive instructions and download additional malicious components.

Date

Published: Aug. 7, 2024, 8:33 a.m.

Created: Aug. 7, 2024, 8:33 a.m.

Modified: Aug. 7, 2024, 9:06 a.m.

Attack Patterns

Trojan Manuscript

Bankshot - S0239

adware

T1564.004

T1600.001

T1559.002

T1611

T1564.002

T1592.002

T1583.001

T1569.002

T1564.003

T1564.001

T1562.001