Skip to main content

This Chrome extension lets hackers remotely seize your PC

Malicious extensions on Google Chrome are being used by hackers remotely in an effort to steal sensitive information.

As reported by Bleeping Computer, a new Chrome browser botnet titled ‘Cloud9’ is also capable of logging keystrokes, as well as distributing ads and malicious code.

A depiction of a hacker breaking into a system via the use of code.
Getty Images

The browser botnet operates as a remote access trojan (RAT) for the Chromium web browser, which includes both Chrome and Microsoft Edge. As such, it’s not just login credentials that can be accessed; hackers can also launch distributed denial of service (DDoS) attacks.

The Chrome extension in question is naturally not accessible via Google’s official Chrome web store, so you may be wondering how victims are being targeted. Websites that exist to spread infections via bogus Adobe Flash Player update notifications are being used instead.

Security researchers at Zimperium have confirmed that Cloud9 infection rates have been detected in multiple regions around the world.

The foundation of Cloud9 is three central JavaScript files that can obtain information of the target system, and mine cryptocurrency on that same PC in addition to injecting scripts in order to launch browser exploits.

Multiple vulnerabilities are being exploited, Zimperium notes, including CVE-2019-11708 and CVE-2019-9810 in Firefox, CVE-2014-6332 and CVE-2016-0189 for Internet Explorer, and CVE-2016-7200 for Microsoft Edge.

Although the vulnerabilities are commonly used to install Windows malware, the Cloud9 extension can steal cookies from a browser, allowing hackers to take over valid user sessions.

Furthermore, the malware comes with a keylogger — software that can essentially send all your key presses to the attackers. A “clipper” module was also discovered in the extension, which allows the PC to access copied passwords or credit cards.

“Layer 7 attacks are usually very hard to detect because the TCP connection looks very similar to legitimate requests,” Zimperium stated. “The developer is likely using this botnet to provide a service to perform DDOS.”

Another way the threat actors behind Cloud9 generate even more illicit income is by injecting advertisements and then loading these webpages in the background to accrue ad impressions.

With Cloud9 being spotted on cybercrime forums, the operators could be selling its malicious extension to interested parties. With this in mind, always double-check if you’re installing anything on your browser from an unofficial source and enable two-factor authentication where possible.

Editors' Recommendations

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Google has a great idea to fix your tab chaos in Chrome
Google Drive in Chrome on a MacBook.

If you use Google Chrome and are sick of managing an unruly mass of tabs in your web browser, help may soon be at hand. That’s because Google is testing a new feature that could bring order to your tab chaos.

As spotted by Leopeva64 on X (formerly Twitter), a new edition of Google Chrome Canary (a version of Chrome that lets users test out experimental features) contains a new tool called Organize Tabs nestled in the top-left corner of the browser.

Read more
I write about tech for a living — these are the browser extensions I install on every PC
A person using a laptop on a desk with a web browser showing the HubSpot marketplace on their screen.

I write about tech for a living, so you probably won’t be surprised to learn that I spend an unreasonable amount of time browsing the internet (those dog videos aren’t going to watch themselves). Over my many years of surfing the web, I’ve used a huge number of browser extensions to tune up my online experience.

Some have been better than others, but I've carefully curated a list that can elevate your internet experience and help take it to the next level. If you’re after some new extensions for Chrome, Safari, Firefox and all the other best web browsers, these are my own personal recommendations.
1Password

Read more
This massive exploit lets hackers breach apps like Chrome, 1Password, and Telegram
A dark mystery hand typing on a laptop computer at night.

A massive security bug has just been discovered that affects WebP images used in untold numbers of websites and apps, and it could potentially let hackers break into your computer and extract data from it. In fact, Google has already seen it being actively exploited in the wild. Because of that, it’s essential that you patch your computer as soon as possible.

The discovery has been detailed by researcher Alex Ivanovs, who wrote about the bug in a blog post. Right now, it seems to affect almost all of the best web browsers, including Chrome, Firefox, Edge, and Brave. WebP images are used all over the web, meaning huge numbers of sites and apps could be affected.

Read more