Skip to main content

This Chrome extension lets hackers remotely seize your PC

Malicious extensions on Google Chrome are being used by hackers remotely in an effort to steal sensitive information.

As reported by Bleeping Computer, a new Chrome browser botnet titled ‘Cloud9’ is also capable of logging keystrokes, as well as distributing ads and malicious code.

Related Videos
A depiction of a hacker breaking into a system via the use of code.
Getty Images

The browser botnet operates as a remote access trojan (RAT) for the Chromium web browser, which includes both Chrome and Microsoft Edge. As such, it’s not just login credentials that can be accessed; hackers can also launch distributed denial of service (DDoS) attacks.

The Chrome extension in question is naturally not accessible via Google’s official Chrome web store, so you may be wondering how victims are being targeted. Websites that exist to spread infections via bogus Adobe Flash Player update notifications are being used instead.

Security researchers at Zimperium have confirmed that Cloud9 infection rates have been detected in multiple regions around the world.

The foundation of Cloud9 is three central JavaScript files that can obtain information of the target system, and mine cryptocurrency on that same PC in addition to injecting scripts in order to launch browser exploits.

Multiple vulnerabilities are being exploited, Zimperium notes, including CVE-2019-11708 and CVE-2019-9810 in Firefox, CVE-2014-6332 and CVE-2016-0189 for Internet Explorer, and CVE-2016-7200 for Microsoft Edge.

Although the vulnerabilities are commonly used to install Windows malware, the Cloud9 extension can steal cookies from a browser, allowing hackers to take over valid user sessions.

Furthermore, the malware comes with a keylogger — software that can essentially send all your key presses to the attackers. A “clipper” module was also discovered in the extension, which allows the PC to access copied passwords or credit cards.

“Layer 7 attacks are usually very hard to detect because the TCP connection looks very similar to legitimate requests,” Zimperium stated. “The developer is likely using this botnet to provide a service to perform DDOS.”

Another way the threat actors behind Cloud9 generate even more illicit income is by injecting advertisements and then loading these webpages in the background to accrue ad impressions.

With Cloud9 being spotted on cybercrime forums, the operators could be selling its malicious extension to interested parties. With this in mind, always double-check if you’re installing anything on your browser from an unofficial source and enable two-factor authentication where possible.

Editors' Recommendations

The Windows 11 taskbar is getting an important new update
windows 11 taskbar third party app pinning

Microsoft is working on new experiences for Windows that will allow developers to enable pinning for third-party applications, as well as enable pinning to the Taskbar.

Microsoft recently announced the details of these upcoming functions in a blog post. This is the brand's attempt to universalize its pinning process across all apps used on Windows. In practice, it will be similar to how pinning works on the Edge browser, with the Windows 11 users being notified by the Action Center about a request for pinning to the Taskbar by the app in question.

Read more
Firefox just got a great new way to protect your privacy
Canva in Firefox on a MacBook.

If you’re fed up with signing up for new accounts online and then being perpetually spammed in the days and weeks after, Mozilla has an idea that could help. The company has just announced its Firefox Relay feature is being directly integrated into its Firefox web browser, and it could help guarantee your privacy without any extra hassle.

Firefox Relay works by letting you create email “masks” when you sign up for new accounts. Instead of entering your real credentials into the sign-up field, Firefox Relay provides you with a throwaway address and phone number to use. Any messages from the website -- such as purchase receipts -- are then forwarded to your real email address, with all the sender’s tracking information stripped out to protect your privacy.

Read more
The most common Chromebook problems and how to fix them
A person working on a Toshiba Chromebook.

Chromebooks are great alternatives to MacBooks and Windows 10 laptops, but they aren’t perfect. Any laptop computer is bound to have issues, and some of the most common problems faced by Chromebook users can feel difficult or even impossible to solve on their own. 

From issues with updates to internet connectivity, troubleshooting common Chromebook problems doesn’t have to ruin your day. Read on to discover easy fixes for the most frequent issues Chromebook users face. 
The Diagnostics app

Read more