Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network
2022-11-09 11:01

The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet.

Called Cloud9 by security firm Zimperium, the malicious browser add-on comes with a wide range of features that enable it to siphon cookies, log keystrokes, inject arbitrary JavaScript code, mine cryptocurrency, and even enlist the host to carry out DDoS attacks.

The extension "not only steals the information available during the browser session but can also install malware on a user's device and subsequently assume control of the entire device," Zimperium researcher Nipun Gupta said in a new report.

The script further acts as a keylogger and a conduit for running additional commands received from a remote server, allowing it to steal clipboard data and browser cookies and to launch layer 7 DDoS attacks against any domain.

The disclosure comes over three months after Zimperium discovered a malicious browser add-on dubbed ABCsoup that posed as a Google Translate tool to strike Russian users of Google Chrome, Opera, and Mozilla Firefox browsers.

"Users should be trained on the risks associated with browser extensions outside of official repositories, and enterprises should consider what security controls they have in place for such risks," Gupta said.


News URL

https://thehackernews.com/2022/11/experts-warn-of-browser-extensions.html