Tag Archive for: Chrome

Facebook sues makers of malicious Chrome extensions for scraping data



Facebook has taken legal action against the makers of malicious Chrome extensions used for scraping user-profiles and other information from Facebook’s website and from users’ systems without authorization.

The two defendants developed and distributed the malicious browser extensions through the Chrome Web Store working under the “Oink and Stuff” business name.

“They misled users into installing the extensions with a privacy policy that claimed they did not collect any personal information,” Jessica Romero, Director of Platform Enforcement and Litigation, said.

“Four of their extensions — Web for Instagram plus DM, Blue Messenger, Emoji keyboard, and Green Messenger — were malicious and contained hidden computer code that functioned like spyware.”

The four extensions are still available for download in Google’s Chrome Web Store and they currently have more than 54,000 users.

Facebook’s systems not compromised

After being installed on the users’ computers, these Chrome extensions also installed malicious code in the background which allowed the defendants to scrape user data from Facebook’s site.

The malicious Chrome add-ons were also used to surreptitiously collect data unrelated to Facebook from the users’ web browsers.

While the users were browsing the Facebook website, the extensions automatically scraped account information including the victims’ name, user ID, gender, relationship status, and age group among others.

Romero added that the defendants did not compromise Facebook’s security systems during their malicious activity but, instead, they only used the extensions installed on users’ devices to scrape data.

“We are seeking a permanent injunction against defendants and demanding that they delete all Facebook data in their possession,” Romero concluded.

“This case is the result of our ongoing international efforts to detect and enforce against those who scrape Facebook users’ data, including those who use browser extensions to compromise people’s browsers.”

Legal action against platform abuse

This action is part of a long series of instances where Facebook took legal action against entities attempting to abuse the company’s platform and services.

For…

Source…

Google Chrome, Firefox, Edge hijacked by massive malware attack: what you need to know

With the pandemic seismically shifting the way we work, there is an increasing dependence on digital connectivity in our day-to-day lives. 

As December rolls through to Christmas, Microsoft has now reported that a sophisticated set of malware attacks has trained its sights on big browsers: Mozilla Firefox, Microsoft Edge, and Google Chrome are all caught up in the exploit, another link in the chain of cyber threats flourishing in the year of Covid-19.

While the technical detail runs deep, the malware commonly presents through a number of attack avenues. Web users who fall foul can expect unauthorized browser extensions being added, their search results’ advertisements presenting with malicious scripts that automate the theft of personal credentials, and even the complete shutdown of crucial security controls by affecting Dynamic-link Libraries (DLLs).

The Microsoft 365 Defender Research Team has issued a statement that certainly doesn’t play down the seriousness of the issue; rather, it refers to a ‘persistent malware campaign’ called Adrozek (a family of malicious browser modifiers) that, if not identified and stopped, can entrench malicious ads that allow the threat actors to earn money via affiliate advertising.

These types of attacks are ambitious in scope, but by no means new. Browser modifiers represent some of the earliest underhand tactics of cyber criminals – a sign that older methods of stealing personal credentials are increasingly adapting to new digital environments.

Microsoft labels these ‘polymorphic’ attacks as dangerous but, optimistically, they are preventable. The Windows 10 proprietary Microsoft Defender Antivirus utilizes behavior-centric, machine learning-fueled detection capabilities to pursue, and ultimately block, Adrozek, despite its shape-shifting abilities. Of course, it must be switched on and attuned to the latest threats through regular updating.

Looking beyond prevention: those who are unfortunate enough to have already been infected with the malware are advised to completely overhaul and reinstall browsers. Microsoft has steered users towards its malware literature, which details best practice around cyber security.

Source…

Microsoft exposes Adrozek, malware that hijacks Chrome, Edge, and Firefox


Microsoft has raised the alarm today about a new malware strain that infects users’ devices and then proceeds to modify browsers and their settings in order to inject ads into search results pages.

Named Adrozek, the malware has been active since at least May 2020 and reached its absolute peak in August this year when it controlled more than 30,000 browsers each day.

But in a report today, the Microsoft 365 Defender Research Team believes the number of infected users is much, much higher. Microsoft researchers said that between May and September 2020, they observed “hundreds of thousands” of Adrozek detections all over the globe.

Based on internal telemetry, the highest concentration of victims appears to be located in Europe, followed by South and Southeast Asia.

How Adrozek spreads and works

Microsoft says that, currently, the malware is distributed via classic drive-by download schemes. Users are typically redirected from legitimate sites to shady domains where they are tricked into installing malicious software.

The boobytrapped software installs the Adrozek malware, which then proceeds to obtain reboot persistence with the help of a registry key.

Once persistence is assured, the malware will look for locally installed browsers such as Microsoft Edge, Google Chrome, Mozilla Firefox, or the Yandex Browser.

If any of these browsers are found on infected hosts, the malware will attempt to force-install an extension by modifying the browser’s AppData folders.

To make sure the browser’s security features don’t kick in and detect unauthorized modifications, Adrozek also modifies some of the browsers’ DLL files to change browser settings and disable security features.

Modifications performed by Adrozek include:

  • Disabling browser updates
  • Disabling file integrity checks
  • Disabling the Safe Browsing feature
  • Registering and activating the extension they added in a previous step
  • Allowing their malicious…

Source…

Chrome gets patched again, but 83% of users aren’t running the latest version | 2020-11-20 | Security Magazine




Source…