Skip to main content

This Chrome extension lets hackers remotely seize your PC

Malicious extensions on Google Chrome are being used by hackers remotely in an effort to steal sensitive information.

As reported by Bleeping Computer, a new Chrome browser botnet titled ‘Cloud9’ is also capable of logging keystrokes, as well as distributing ads and malicious code.

A depiction of a hacker breaking into a system via the use of code.
Getty Images

The browser botnet operates as a remote access trojan (RAT) for the Chromium web browser, which includes both Chrome and Microsoft Edge. As such, it’s not just login credentials that can be accessed; hackers can also launch distributed denial of service (DDoS) attacks.

The Chrome extension in question is naturally not accessible via Google’s official Chrome web store, so you may be wondering how victims are being targeted. Websites that exist to spread infections via bogus Adobe Flash Player update notifications are being used instead.

Security researchers at Zimperium have confirmed that Cloud9 infection rates have been detected in multiple regions around the world.

The foundation of Cloud9 is three central JavaScript files that can obtain information of the target system, and mine cryptocurrency on that same PC in addition to injecting scripts in order to launch browser exploits.

Multiple vulnerabilities are being exploited, Zimperium notes, including CVE-2019-11708 and CVE-2019-9810 in Firefox, CVE-2014-6332 and CVE-2016-0189 for Internet Explorer, and CVE-2016-7200 for Microsoft Edge.

Although the vulnerabilities are commonly used to install Windows malware, the Cloud9 extension can steal cookies from a browser, allowing hackers to take over valid user sessions.

Furthermore, the malware comes with a keylogger — software that can essentially send all your key presses to the attackers. A “clipper” module was also discovered in the extension, which allows the PC to access copied passwords or credit cards.

“Layer 7 attacks are usually very hard to detect because the TCP connection looks very similar to legitimate requests,” Zimperium stated. “The developer is likely using this botnet to provide a service to perform DDOS.”

Another way the threat actors behind Cloud9 generate even more illicit income is by injecting advertisements and then loading these webpages in the background to accrue ad impressions.

With Cloud9 being spotted on cybercrime forums, the operators could be selling its malicious extension to interested parties. With this in mind, always double-check if you’re installing anything on your browser from an unofficial source and enable two-factor authentication where possible.

Editors' Recommendations

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
DuckDuckGo’s Windows browser is here to protect your privacy
The Duck Player feature of DuckDuckGo's Windows web browser, showing a video being played.

A few months ago, DuckDuckGo launched a privacy-focused browser on macOS. Well, Windows users no longer have to miss out, as the browser has found its way onto Microsoft’s operating system. If you want a web browsing experience that protects your privacy, it could be a good time to check it out.

The browser is available as a public beta, according to a blog post from DuckDuckGo. It comes with a bunch of built-in privacy protections that could be ideal if you’re tired of trackers and cookies snooping on your internet sessions.

Read more
This critical exploit could let hackers bypass your Mac’s defenses
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

Microsoft has discovered a critical exploit in macOS that could grant hackers easy access to your Mac’s most important data. Dubbed ‘Migraine,’ it shows why it’s vital to update your Mac as soon as possible.

Migraine is so damaging because it can bypass Apple’s System Integrity Protection, or SIP for short. SIP is enabled by default on modern Macs and works by sandboxing sensitive parts of the computer from outside meddling. Only processes that are signed by Apple (or those with special privileges, like Apple installers) are allowed to alter something guarded by SIP.

Read more
These 2 new Edge features are making Chrome look outdated
Copilot in Windows being used in the side panel.

Microsoft has announced a host of updates that will soon be available for its Edge browser, including the Microsoft 365 Copilot feature and Sidebar app support for developers.

The company is showcasing the new features during its annual Build developer conference, which is currently taking place from May 23 through May 25.

Read more