August 15, 2024
By Research and Development

Beware! Fake Software Spreading Malware Through Browser Extensions

Imagine searching for a popular video player, only to unknowingly download malware that hijacks your searches and steals data! This is the reality facing hundreds of thousands of Google Chrome and Microsoft Edge users targeted by a cunning cyberattack.

Here's the Breakdown:

·      Fake Downloads, Real Danger: Hackers are creating fake websites that mimic popular software download platforms. These sites lure users by offering seemingly harmless add-ons like Roblox hacks or video players.

·      Trojan Horse in Disguise: When you download from these sites, you unknowingly install a trojan, a malicious program disguised as legitimate software.

·      Rogue Extensions Takeover: The trojan then installs rogue extensions in your Chrome or Edge browser. These extensions can:

        ·      Hijack Your Searches: Redirect your searches on Google and Bing to attacker-controlled servers, potentially altering results or injecting malicious content.
        ·      Steal Your Data: Intercept your web traffic and steal sensitive information you enter online.
        ·      Become Unruly Guests: Some extensions can even block attempts to remove them, making manual elimination difficult.

The Scope of the Attack: This campaign has reportedly affected at least 300,000 users, highlighting the widespread threat posed by these tactics.

 

Protecting Yourself:

·      Be Wary of Lookalike Sites: Always double-check the source before downloading anything. Look for official websites of software providers.

·      Beware of Free "Unlockers" and Add-ons: If it seems too good to be true, it probably is. Be cautious when downloading unofficial add-ons or "unlockers" for popular software.

·      Keep Your Browser Updated: Browser updates often include security patches to address emerging threats.

·      Consider Extension Management Tools: Tools that help you manage and monitor browser extensions can aid in identifying suspicious activity.

 

If you suspect you've been affected:

It is recommended to delete the scheduled task that reactivates the malware each day, remove the Registry keys, and delete the following files and folders from the system:

• C:\Windows\system32\Privacyblockerwindows.ps1

• C:\Windows\system32\Windowsupdater1.ps1

• C:\Windows\system32\WindowsUpdater1Script.ps1

• C:\Windows\system32\Optimizerwindows.ps1

• C:\Windows\system32\Printworkflowservice.ps1

• C:\Windows\system32\NvWinSearchOptimizer.ps1 - 2024 version

• C:\Windows\system32\kondserp_optimizer.ps1 - May 2024 version

• C:\Windows\InternalKernelGrid

• C:\Windows\InternalKernelGrid3

• C:\Windows\InternalKernelGrid4

• C:\Windows\ShellServiceLog

• C:\windows\privacyprotectorlog

• C:\Windows\NvOptimizerLog
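
A read-only check for the files, folders and scheduled task described above, as an added example that is not part of the original advisory. It assumes an elevated 64-bit PowerShell session; the function names are hypothetical, and because the page does not name the scheduled task or the Registry keys, it finds tasks by matching the listed script names and does not inspect the Registry.

```powershell
# Added example: reports the artifacts listed on this page; nothing is deleted or modified.
# Use 64-bit PowerShell so that "system32" is not redirected to SysWOW64.
$scripts = @(
    'Privacyblockerwindows.ps1', 'Windowsupdater1.ps1', 'WindowsUpdater1Script.ps1',
    'Optimizerwindows.ps1', 'Printworkflowservice.ps1',
    'NvWinSearchOptimizer.ps1', 'kondserp_optimizer.ps1'
)
$folders = @(
    'InternalKernelGrid', 'InternalKernelGrid3', 'InternalKernelGrid4',
    'ShellServiceLog', 'privacyprotectorlog', 'NvOptimizerLog'
)

function Find-ListedArtifact {
    # Hypothetical helper: checks each listed file and folder under the Windows directory.
    param([string]$WindowsDir = $env:windir)
    $paths  = @($scripts | ForEach-Object { Join-Path $WindowsDir "system32\$_" })
    $paths += @($folders | ForEach-Object { Join-Path $WindowsDir $_ })
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            $item = Get-Item -LiteralPath $p -Force
            [pscustomobject]@{ Type = 'Path'; Name = $item.FullName
                               Detail = "created $($item.CreationTime)" }
        }
    }
}

function Find-ReferencingTask {
    # Hypothetical helper: scheduled tasks whose action mentions one of the listed scripts.
    $pattern = ($scripts | ForEach-Object { [regex]::Escape($_) }) -join '|'
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # COM-handler actions have no Execute/Arguments and simply do not match.
            $cmd = "$($action.Execute) $($action.Arguments)"
            if ($cmd -match $pattern) {
                [pscustomobject]@{ Type = 'Task'; Name = "$($task.TaskPath)$($task.TaskName)"
                                   Detail = $cmd.Trim() }
            }
        }
    }
}

$findings = @(Find-ListedArtifact) + @(Find-ReferencingTask)
if ($findings.Count -eq 0) { 'No listed artifacts found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Any task it reports is a candidate for the scheduled task mentioned above and should be reviewed before removal.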

 

 

Run a full system scan: Use reputable antivirus software to scan your system for additional threats.

 

Remember, staying informed and vigilant is key! By following these tips, you can significantly reduce your risk of falling victim to similar attacks.