Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign
2022-07-08 11:30

A malicious browser extension with 350 variants is masquerading as a Google Translate add-on as part of an adware campaign targeting Russian users of Google Chrome, Opera, and Mozilla Firefox browsers.

Mobile security firm Zimperium dubbed the malware family ABCsoup, stating that the "extensions are installed onto a victim's machine via a Windows-based executable, bypassing most endpoint security solutions, along with the security controls found in the official extension stores."

The rogue browser add-ons come with the same extension ID as that of Google Translate - "aapbdbdomjkkjkaonfhkkikfgjllcleb" - in an attempt to trick users into believing that they have installed a legitimate extension.

The extensions are not available on the official browser web stores themselves.

"Furthermore, when this extension is installed, Chrome Web Store assumes that it is Google Translate and not the malicious extension since the Web Store only checks for extension IDs," Zimperium researcher Nipun Gupta said.

All the observed variants of the extension are geared towards serving pop-ups, harvesting personal information to deliver target-specific ads, fingerprinting searches, and injecting malicious JavaScript that can further act as spyware to capture keystrokes and monitor web browser activity.
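
Because the rogue add-ons reuse the Google Translate ID but are dropped by a local executable rather than installed from a store, a defender can check how an extension with that ID got onto the machine. The following is an added example, not code from Zimperium or the article: it audits a parsed Chromium profile preferences file, and the field names (`extensions.settings`, `from_webstore`, `location`, `path`), the location value 1 for a store install, and the sample data are assumptions about that file's layout.

```python
import json
import re

# ID quoted in the article for the legitimate Google Translate extension.
TRANSLATE_ID = "aapbdbdomjkkjkaonfhkkikfgjllcleb"
INTERNAL = 1  # assumed: Chromium's location value for a normal store install

def audit_extensions(prefs, watched_ids=(TRANSLATE_ID,)):
    """Return {extension_id: [reasons]} for watched IDs that look sideloaded."""
    findings = {}
    settings = prefs.get("extensions", {}).get("settings", {})
    for raw_id, entry in settings.items():
        ext_id = raw_id.lower()
        if ext_id not in watched_ids or not isinstance(entry, dict):
            continue
        reasons = []
        if not entry.get("from_webstore", False):
            reasons.append("not marked as installed from the web store")
        if entry.get("location") != INTERNAL:
            reasons.append(f"install location {entry.get('location')!r}")
        path = str(entry.get("path", ""))
        # Store installs are assumed to use a profile-relative path that starts
        # with the ID ("<id>/<version>"); anything else suggests a local drop.
        first = re.split(r"[\\/]", path)[0].lower()
        if first != ext_id:
            reasons.append(f"loaded from unexpected path {path!r}")
        if reasons:
            findings[ext_id] = reasons
    return findings

# Constructed sample data, not taken from a real infection.
SAMPLE_PREFS = json.loads(r"""
{"extensions": {"settings": {
  "aapbdbdomjkkjkaonfhkkikfgjllcleb": {
    "from_webstore": false, "location": 4,
    "path": "C:\\Users\\user\\AppData\\Local\\Temp\\translate"},
  "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
    "from_webstore": true, "location": 1,
    "path": "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb\\1.0_0"}
}}}
""")

if __name__ == "__main__":
    for ext_id, reasons in audit_extensions(SAMPLE_PREFS).items():
        print(ext_id, "->", "; ".join(reasons))
```

The preferences file lives in the user's profile, so software running as that user can rewrite these fields; a hit is a strong signal, while a clean result is not proof that the installed extension is genuine.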


News URL

https://thehackernews.com/2022/07/experts-uncover-350-browser-extension.html