"Our investigation reveals that the author behind this particular extension hired a virtual private server (VPS) in Russia, where he registered several domains," the researcher pointed out. Among these domains was one C&C one where he or she collects stolen data from infected users and one that was used to register the extension at the Chrome Store.
"He has at least one more VPS that hosts about 30 different domains selling weight loss products, English language tutoring services, and work-from-home offers. "He uses among.us as an online counter for his number of victims and Dropbox for hosting fraudulent pages."
This particular extension has since been removed from the store but, unfortunately, this crook is not the only one who managed to get one inside it. The researchers have found several, and say that there are easy to spot if you know what to look for.
Full Article
Researchers find malicious extensions in Chrome Web Store
Userlevel 7
+52
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.