Security News > 2022 > November > Malicious extension lets attackers control Google Chrome remotely
A new Chrome browser botnet named 'Cloud9' has been discovered in the wild using malicious extensions to steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the victim's browser in DDoS attacks.
The Cloud9 browser botnet is effectively a remote access trojan for the Chromium web browser, including Google Chrome and Microsoft Edge, allowing the threat actor to remotely execute commands.
The malicious Chrome extension isn't available on the official Chrome web store but is instead circulated through alternative channels, such as websites pushing fake Adobe Flash Player updates.
Cloud9 is a malicious browser extension that backdoors Chromium browsers to perform an extensive list of malicious functions and capabilities.
The extension consists of three JavaScript files for collecting system information, mining cryptocurrency using the host's resources, performing DDoS attacks, and injecting scripts that run browser exploits.
Even without the Windows malware component, the Cloud9 extension can steal cookies from the compromised browser, which the threat actors can use to hijack valid user sessions and take over accounts.
News URL
Related news
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)