Malware campaign hits over 300,000 Chrome and Edge browsers with malicious extensions
A significant malware campaign has force-installed malicious extensions on over 300,000 Google Chrome and Microsoft Edge browsers, bypassing most antivirus software. These extensions hijack homepages and steal browsing data by altering browser executables. Researchers at ReasonLabs discovered the campaign, highlighting its use of diverse malvertising techniques.
The infection starts when users download software from deceptive websites promoted through Google search results. These installers, digitally signed by 'Tommy Tech LTD', evade antivirus detection and execute a PowerShell script to download a payload, alter the Windows registry, and create a Scheduled Task for continuous malware delivery.
The malicious extensions hijack search queries, redirect users to harmful pages, and capture sensitive information such as login credentials and browsing history. The malware employs persistence techniques, including modifying browser DLLs and disabling automatic updates, making it difficult to detect and remove. To address the infection, users must delete scheduled tasks and malicious registry entries manually and are advised to reinstall the affected browser to fully remove the malware.
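The persistence points named above (scheduled task, registry changes that force-install extensions and switch off updates, modified browser DLLs) are all inspectable from an administrative PowerShell session. The triage script below is an added example, not code from the article or from ReasonLabs: it reads those locations and reports anything that looks out of place, without deleting anything, so an analyst can confirm what is present before following the cleanup steps. The policy key paths are the documented Chrome and Edge policy locations; the heuristics for flagging a scheduled task (PowerShell launcher, download/decode arguments, binary outside Windows or Program Files) and for flagging an extension update URL outside the Google or Microsoft stores are my own assumptions and will need tuning per environment.

```powershell
# Added triage script (not the article's or ReasonLabs' code). Read-only: it lists the
# persistence points the campaign description mentions so they can be reviewed.
# Run from an elevated PowerShell prompt. Heuristics below are assumptions.

$report = [ordered]@{}

# 1. Scheduled tasks whose action looks like a scripted downloader/launcher.
$report['SuspectScheduledTasks'] = Get-ScheduledTask |
    Where-Object { $_.State -ne 'Disabled' } |
    ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            $exe  = [string]$action.Execute
            $argv = [string]$action.Arguments
            $runsPowerShell = $exe -match 'powershell|pwsh'
            $suspectArgs    = $argv -match '-enc|EncodedCommand|DownloadString|DownloadFile|Invoke-Expression|\bIEX\b'
            # Assumption: benign tasks normally launch from Windows or Program Files.
            $oddLocation    = $exe -and ($exe -notmatch '^(%SystemRoot%|%windir%|%ProgramFiles%|C:\\Windows|C:\\Program Files)')
            if ($runsPowerShell -or $suspectArgs -or $oddLocation) {
                [pscustomobject]@{
                    TaskPath  = $task.TaskPath
                    TaskName  = $task.TaskName
                    Execute   = $exe
                    Arguments = $argv
                }
            }
        }
    }

# 2. Extensions force-installed through policy (how a "force-installed" extension
#    is normally expressed in the registry). Value format: "<extension id>;<update URL>".
$forceKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist'
)
$report['ForceInstalledExtensions'] = foreach ($key in $forceKeys) {
    if (Test-Path $key) {
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object {
                $id, $url = ($_.Value -split ';', 2)
                [pscustomobject]@{
                    Key         = $key
                    ExtensionId = $id
                    UpdateUrl   = $url
                    # Assumption: store-hosted extensions update from these hosts only.
                    OffStore    = [bool]($url -and $url -notmatch 'clients2\.google\.com|edge\.microsoft\.com')
                }
            }
    }
}

# 3. Update policy overrides that could disable automatic browser updates.
$updateKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Update',
    'HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate'
)
$report['UpdatePolicyOverrides'] = foreach ($key in $updateKeys) {
    if (Test-Path $key) {
        Get-ItemProperty -Path $key | Select-Object -Property * -ExcludeProperty PS*
    }
}

# 4. Browser binaries whose Authenticode signature no longer verifies. A vendor DLL
#    that has been modified on disk fails this check, which is the simplest way to
#    confirm the "modified browser DLLs" symptom before deciding to reinstall.
$browserDirs = @(
    "$env:ProgramFiles\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application",
    "$env:ProgramFiles\Microsoft\Edge\Application",
    "${env:ProgramFiles(x86)}\Microsoft\Edge\Application"
)
$report['UnsignedBrowserBinaries'] = foreach ($dir in $browserDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -Recurse -Include *.exe, *.dll -ErrorAction SilentlyContinue |
            Get-AuthenticodeSignature |
            Where-Object { $_.Status -ne 'Valid' } |
            Select-Object Path, Status
    }
}

# Emit the findings; pipe to Export-Clixml or ConvertTo-Json to keep a record.
$report
```

An empty list in every section is the expected result on a clean machine. Anything reported under `UnsignedBrowserBinaries` supports the article's advice to reinstall the browser rather than try to repair it in place, and entries under `ForceInstalledExtensions` with `OffStore` set to true are the ones to compare against whatever enterprise policy is supposed to be deployed.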
modifying browser DLLs
Sounds like an issue that only affects Windows users perhaps?