There’s a new malicious Google Chrome extension on the Internet block and if you’re not careful, hackers could use Cloud9 to gain access to your computer.
The extension can reportedly log your keystrokes (which it can then use to gain access to your online accounts) and inject ads and malicious JS code.
The malware, first discovered by the Zimperium zLabs team, could also make you the target of DDoS (distributed denial-of-service attack).
The browser bot operates as a remote access trojan (RAT) for the Chromium web browser.
This means Chrome and Microsoft Edge browsers are at risk.
And you don’t even have to download it from the Chrome extension store, it can find its way onto your computer quite easily if you’re not careful.
Websites created to lure you in will use bogus Adobe Flash Player update notifications to spread the virus and steal cookies.
With this, hackers can easily take over valid user sessions and access your information.
The bot has already been detected in several countries.
The bot exploits multiple vulnerabilities to mine cryptocurrency, inject malicious code and install malware – some of which contain keylogger software.
Once this is on your PC, hackers can easily track every keystroke you make, including your login information and passwords.
The Zimperium team warns: “A ‘clipper’ module was also discovered in the extension, which allows the PC to access copied passwords or credit cards”.
Remember the ‘injecting malicious code’ part?
So, the Cloud9 creators can generate income by loading advertisement code on webpages running in the background.
While this is not necessarily dangerous – unless you’re using a hotspot or any form of billed data, meaning your data will be depleted real fast – it still raises a red flag in terms of access to your PC.
Zimperium traced the origin of the Cloud9 malware to Keksec, a group originally formed in 2016; it is popular for mining-based malware and botnets, as well as DDoS.
The easiest way to see if software is running in the background is to head over to Windows Task Manager (just press Ctrl+Alt+Delete) and select the ‘Processes’ tab.
This will return a list of active applications, background processes and other bits of software.
If anything suspicious pops up, do a Google search to see if it has any malware warnings.
You can also go the ‘Services and Applications’ menu or the ‘Programs’ menu in your Control Panel and sort the list by date installed.
The malware may also appear in the Chrome extension menu as Flash Player 2.3, or Adob Flash Player free download (note: Adob, not Adobe).
NOW READ: 5 tips for surfing the internet safely
Download our app and read this and other great stories on the move. Available for Android and iOS.