Massive Malware Campaign Hijacks 300,000 Browsers: How to Protect Yourself
A widespread and ongoing malware campaign has force-installed malicious extensions on over 300,000 Google Chrome and Microsoft Edge browsers, compromising users' browsing history, login credentials, and personal data. The attack, discovered by ReasonLabs researchers, employs diverse malvertising tactics to infect devices, highlighting the need for vigilance and robust security measures.
Infection Vector
The malware campaign begins with fake software installers downloaded from malicious websites promoted through Google search results. These installers, signed by 'Tommy Tech LTD', evade detection by antivirus tools and contain PowerShell scripts that download payloads, modify browser executables, and install extensions.
Malicious Extensions
The campaign has installed numerous extensions, including:
- Custom Search Bar (40K+ users)
- yglSearch (40K+ users)
- Qcom search bar (40+ users)
- Qtr Search (6K+ users)
- Micro Search Chrome Extension (180K+ users, removed from Chrome store)
- Active Search Bar (20K+ users, removed from Chrome store)
- Your Search Bar (40K+ users, removed from Chrome store)|
- Safe Search Eng (35K+ users, removed from Chrome store)
- Lax Search (600+ users, removed from Chrome store)
The following Microsoft Edge extensions are linked to this campaign:
- Simple New Tab (100,000K+ users, removed from Edge store)
- Cleaner New Tab (2K+ users, removed from Edge store)
- NewTab Wonders (7K+ users, removed from Edge store)
- SearchNukes (1K+ users, removed from Edge store)
- EXYZ Search (1K+ users, removed from Edge store)
- Wonders Tab (6K+ users, removed from Edge store)
These extensions hijack search queries, redirect users to malicious results, and capture sensitive information.
Persistence and Evasion
The malware employs various techniques to remain persistent and evade detection, including:
- Modifying browser shortcut links to force-load malicious extensions
- Disabling browser automatic updates
- Hiding extensions from the extensions management page
- Modifying DLLs to hijack browser homepages
Removal and Prevention
To remove the infection, users must:
- Delete scheduled tasks and malicious registry entries
- Remove malicious files using an Antivirus Software
- Consider reinstalling the browser to ensure complete removal
To protect yourself:
- Be cautious when downloading software from unknown sources
- Install Net Protector antivirus and keep them up-to-date
- Regularly review browser extensions and remove suspicious ones
- Enable browser automatic updates
Stay vigilant and take proactive measures to safeguard your digital security.
- Other (42)
- Ransomware (128)
- Events and News (26)
- Features (45)
- Security (433)
- Tips (79)
- Google (22)
- Achievements (9)
- Products (33)
- Activation (7)
- Dealers (1)
- Bank Phishing (42)
- Malware Alerts (195)
- Cyber Attack (221)
- Data Backup (11)
- Data Breach (80)
- Phishing (139)
- Securty Tips (1)
- Browser Hijack (16)
- Adware (15)
- Email And Password (67)
- Android Security (56)
- Knoweldgebase (38)
- Botnet (15)
- Updates (3)
- Alert (71)
- Hacking (57)
- Social Media (7)
- vulnerability (54)
- Hacker (31)
- Spyware (8)
- Windows (6)
- Microsoft (21)
- Uber (1)
- YouTube (1)
- Trojan (2)
- Website hacks (3)
- Paytm (1)
- Credit card scam (1)
- Telegram (3)
- RAT (5)
- Bug (3)
- Twitter (2)
- Facebook (7)
- Banking Trojan (5)
- Mozilla (2)
- COVID-19 (5)
- Instagram (2)
- NPAV Announcement (5)
- IoT Security (1)
- Deals and Offers (1)
- Cloud Security (8)
- Offers (5)
- Gaming (1)
- FireFox (2)
- LinkedIn (2)
- WhatsApp (4)
- Amazon (1)
- DMart (1)
- Payment Risk (4)
- Occasion (2)
- firewall (1)
- Cloud malware (2)
- Cloud storage (2)
- Financial fraud (7)
- Impersonation phishing (1)
- DDoS (4)
- Smishing (2)
- Whale (0)
- Whale phishing (3)
- WINRAR (2)
- ZIP (2)