New Trojan Malware Affects 300,000 Chrome & Edge Users

Security researchers at ReasonLabs have discovered a new widespread, ongoing polymorphic malware campaign that forcefully installs malicious browser extensions at endpoints.

The installer and extensions, which are spreading globally, have impacted at least 300,000 users across Google Chrome and Microsoft Edge, modifying the browser’s executables to hijack homepages and steal browsing history.

The trojan malware, which usually goes undetected by antivirus tools, contains different deliverables ranging from simple adware extensions that take over searches to more complex malicious scripts that deliver local extensions to steal private data and carry out various commands on infected devices.

Since 2021, this trojan malware has originated from imitation websites that provide downloads and add-ons for online games and videos.

How Does The Malware Work

ReasonLabs said the infection starts with the victims downloading software installers through fake websites promoted through malvertising in Google Search results. The advertisers use imitations of download sites like Roblox FPS Unlocker, YouTube, VLC Media Player, or KeePass. The executables downloaded from these fake websites do not even attempt to install the intended software but instead deploy trojans.

“Once a user downloads the program from the lookalike website, the program registers a scheduled task using a pseudonym that follows the pattern of a PowerShell script file name, like Updater_PrivacyBlocker_PR1, MicrosoftWindowsOptimizerUpdateTask_PR1, and NvOptimizerTaskUpdater_V2”, say ReasonLabs researchers.

“It’s configured to run a PowerShell script with a similar-looking name ‘-File C:/Windows/System32/NvWinSearchOptimizer.ps1’. The PowerShell script downloads a payload from a remote server and executes it on the machine.”

The PowerShell script is written to the system32 folder and loads a second-stage script from the C2 directly into memory. When the PowerShell script is finally executed, it adds registry values to force the installation of malicious extensions. These extensions steal search queries and redirect them through the adversary’s search, and they remain undetectable even with Developer Mode ‘ON’.

The script then installs malicious extensions by modifying Chrome and Edge registry keys, which makes them even harder to disable through regular browser settings. The extensions perform several malicious activities, including hijacking searches from known search engines and redirecting them through attacker-controlled domains before finally showing results from legitimate search engines like Yahoo or Bing.
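A defender can check an endpoint for both persistence mechanisms described above: the scheduled task that runs a PowerShell script from System32, and the registry values that force extension installs. The script below is an added example, not code from ReasonLabs or TechViral; the task names are the ones quoted above, while the `ExtensionInstallForcelist` policy key paths are the standard Chrome and Edge locations and are an assumption, since the article does not name the keys.

```powershell
# Added triage example (not from ReasonLabs or the article).
# Task names are the ones quoted above. The policy key paths are the standard
# Chrome/Edge force-install locations, an assumption the article does not confirm.
$KnownTaskNames = @(
    'Updater_PrivacyBlocker_PR1',
    'MicrosoftWindowsOptimizerUpdateTask_PR1',
    'NvOptimizerTaskUpdater_V2'
)
$ForceListKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist'
)

function Get-SuspiciousScheduledTask {
    # Flag tasks with a quoted name, or any task action that passes a .ps1
    # located directly under Windows\System32 to PowerShell.
    foreach ($task in (Get-ScheduledTask)) {
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)"
            $nameHit = $KnownTaskNames -contains $task.TaskName
            $pathHit = ($cmd -match 'powershell|pwsh') -and
                       ($cmd -match '[\\/]Windows[\\/]System32[\\/][^\\/"]+\.ps1')
            if ($nameHit -or $pathHit) {
                [pscustomobject]@{
                    Task    = $task.TaskPath + $task.TaskName
                    Command = $cmd.Trim()
                    Reason  = if ($nameHit) { 'known task name' } else { 'System32 .ps1' }
                }
            }
        }
    }
}

function Get-ForcedExtension {
    # Every value under a force-list key is an extension the user cannot remove
    # from the browser UI. On an unmanaged PC any entry deserves review.
    foreach ($key in $ForceListKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Value = $item.GetValue($name) }
        }
    }
}

Get-SuspiciousScheduledTask | Format-List
Get-ForcedExtension | Format-Table -AutoSize
```

Run it from an elevated PowerShell session so that tasks registered under other accounts are visible; on a centrally managed machine, compare the force-list entries against what the administrator actually deployed.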

ReasonLabs reports that the Trojan’s most recent iterations modify core browser DLL files used by Google Chrome and Microsoft Edge to change the browser’s homepage to one under the threat actor’s control, such as https://microsearch[.]me/.

“The purpose of this script is to locate the DLLs of the browsers (msedge.dll if Edge is the default one) and to change specific bytes in specific locations within it,” explains ReasonLabs.

“Doing so allows the script to hijack the default search from Bing or Google to the adversary’s search portal. It checks which version of the browser is installed and searches the bytes accordingly.”

The ReasonLabs Research Team promptly alerted Google and Microsoft upon discovering the breach. While Microsoft has removed all the identified malicious extensions from its Edge Add-ons Store, some implicated extensions are still live on the Google Chrome Web Store.

Meanwhile, users are advised to download extensions only from trusted sources, be cautious about downloading software from unknown websites, and keep their antivirus software up to date.

The post New Trojan Malware Affects 300,000 Chrome & Edge Users appeared first on TechViral.


