Cyber Crooks Exploiting Browser Extensions to Launch Malicious Plots

Trend Micro says that browser extensions, which were originally created to extend the functionality of a browser, have become another tool for cybercriminals' schemes.

In early 2014, Google addressed the issue of malicious browser extensions by allowing installation only of extensions hosted in the Chrome Web Store, but this has not completely stopped cybercriminals from trying to evade the restriction.

Trend Micro discovered a post on Twitter that advertises "Facebook Secrets" with a shortened link. A user who clicks the link is directed to a site that automatically downloads an .EXE file onto the user's system.

Softpedia.com published news on 5th September, 2014 quoting Sylvia Lascano, Fraud Analyst of Trend Micro, as saying that the downloaded file is a dropper named "download-video.exe", identified by the security vendor as "TROJ_DLOADE.DND".

The dropper is used to bring further malware onto the machine, including a Chrome browser extension that impersonates Flash Player; this may be used for more aggressive threats designed to steal information for online services.

Lascano writes: "The malware shall build a folder in the directory of Google Chrome to evade Google's security policy and the malware will drop components of browser extension in the folder."

The extension manifest and the script ("crx-to-exe-convert.txt") that need to be loaded are added to Chrome's extension folder. The extension is ready to work once the browser has parsed this data.

When the browser is restarted, the components that do not comply with the policy are automatically removed from Chrome, and the whole installation procedure has to be repeated manually.

When the user opens Twitter or Facebook, the extension opens a particular site in the background which contains specific phrases written in Turkish.

This routine could be part of a redirection scheme or click fraud.

The use of social media to promote malware is steadily increasing, because it lets cybercriminals post malicious links and gain more exposure for what they want to share.

Never click or follow shortened links from unknown sources, and install browser extensions only from the official store to avoid fake plug-ins.
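
A defender-side check for the sideloading described above, as an added example that is not from Trend Micro or the original article: it walks a Chrome profile's Extensions folder and flags folders whose name is not an extension ID, whose manifest lacks the Chrome Web Store `update_url`, or whose name imitates Flash Player. The folder layout, the `FlashPlayer` folder name and the sample manifests are constructed assumptions.

```python
import json
import re
import tempfile
from pathlib import Path

# Update URL that Chrome Web Store packages carry in manifest.json.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
ID_RE = re.compile(r"^[a-p]{32}$")             # extension IDs: 32 letters, a-p
LURE_RE = re.compile(r"flash\s*player", re.I)  # impersonation named in the article

def audit_extensions(ext_root):
    """Return {folder: [reasons]} for extension folders that look sideloaded."""
    findings = {}
    for folder in sorted(p for p in Path(ext_root).iterdir() if p.is_dir()):
        # Store installs sit at <id>/<version>/manifest.json; also accept a flat drop.
        manifests = list(folder.glob("manifest.json")) + list(folder.glob("*/manifest.json"))
        reasons = []
        if not ID_RE.match(folder.name):
            reasons.append("folder name is not an extension ID")
        for manifest in manifests:
            try:
                data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError):
                data = None
            if not isinstance(data, dict):
                reasons.append("unreadable manifest")
                continue
            if data.get("update_url") != WEBSTORE_UPDATE_URL:
                reasons.append("no Chrome Web Store update_url")
            # Localized names (__MSG_...__) are not resolved here.
            if LURE_RE.search(str(data.get("name", ""))):
                reasons.append("name imitates Flash Player")
        if reasons:
            findings[folder.name] = reasons
    return findings

def build_sample(root):
    """Constructed sample tree: one store-style extension, one dropped folder."""
    store = Path(root, "abcdefghijklmnopabcdefghijklmnop", "1.0_0")
    dropped = Path(root, "FlashPlayer", "1.0")  # hypothetical folder name
    for d in (store, dropped):
        d.mkdir(parents=True)
    (store / "manifest.json").write_text(json.dumps(
        {"name": "Notes", "version": "1.0", "update_url": WEBSTORE_UPDATE_URL}))
    (dropped / "manifest.json").write_text(json.dumps(
        {"name": "Flash Player", "version": "1.0"}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, why in audit_extensions(tmp).items():
            print(name, "->", "; ".join(why))
```

Point `audit_extensions` at a profile's Extensions directory; the results are triage leads rather than verdicts, since enterprise-hosted extensions also carry a different `update_url`.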

» SPAMfighter News - 9/12/2014
