Hackers Create Fake Google Chrome Extensions

New Malicious Chrome Extension Malware

Google Chrome has been used as a malware by criminal hackers to make millions of dollars. It is the most recent online virus attack used in conjunction with the Twitter social media platform. As indicated by a new report, a malware crusade orchestrated against Twitter followers was found by a network security specialist and his group of researchers.

Up until this point, the detected malware has been flooding Twitterverse. Reportedly, the dark web hackers have figured out how to utilize pictures with malicious QR codes that invade the social media platform. After which, the malignant QR codes tormenting Twitter followers displayed downloadable files that are fake extensions of the Google Chrome browser.

Hackers Hacked Twitter Followers Accounts

Karsten Hahn, the network safety IT technician, and his team found the malware, and have reported his disclosure in a blog entry named Malicious QR Codes On Twitter Elaborating. As per the blog entry, Hahn expresses that the team of cyber security analysts detected the spread of the malware, which uses pernicious QR codes to flood Twitter followers’ accounts.

With additional examination, the security experts noted that the vindictive Google Chrome extension typically utilizes pictures to gain the attention of Twitter clients. What’s more, when the designated pictures are clicked, the advert skillfully camouflaged as an ISO document guarantees that the expected target downloads the malevolent QR code. In any case, the hidden ISO record is modified not to convey the shown adverts but fills in as the loader for the malicious malware.

The analysts uncovered that the ISO document has two primary functions; a _meta.txt, boasting a PowerShell script equipped with a downloader.exe. Furthermore, concerning the capacity of how the two parts work; the _meta.txt contains a PowerShell script encoded with a replacement figure. Then, the downloader.exe functions as a .NET assembly.

Moreover, it includes an immense word reference dictionary containing the replacement letters, which decodes the PowerShell script in _meta.txt. Additionally, the PowerShell runs at regular intervals assigned with the special title ChromeTask.

Hackers Reaping Millions

And as expressed by the analysts, the fake Google Chrome extension is downloaded by the PowerShell script, which gives these downloads the properties that assist with avoiding being uninstalled by the impacted Twitter user. In this way, a visit to the dangerous Chrome extension would divert users to another fraudulent extension, for example, the “chrome://augmentations” would divert to “chrome://settings”.

At the moment, the dark web hackers ’malware only shows troublesome advertisements behind the scenes, which when clicked can generate income for the hackers.

Most importantly, the cyber security analysts warned that the main protection against this intrusive malware, recently launched by deep web hackers, is to avoid clicking on pictures or downloading cracked versions of popular software.