Trojan Malware Targets Browser Extensions in Massive Campaign
The research team at ReasonLabs has identified a new large-scale campaign spreading Trojan malware through browser extensions. This campaign, active since 2021, targets users of Google Chrome and Microsoft Edge. The malicious software disguises itself as popular applications and games, distributed via fake websites mimicking resources like Roblox and YouTube.
Infection begins with the download of a malicious file that launches a PowerShell script. This script downloads additional components and installs extensions hidden from the user. These extensions steal data, redirect search queries through attackers’ servers, and even block browser updates.
Meanwhile, large numbers of users report being unable to remove some of these extensions, which alter their browser settings, steal search queries, and download additional malicious components. Extensions under different names continue to appear, even though some have been removed from extension stores.
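For defenders checking a machine for extensions that cannot be removed through the browser UI, the following PowerShell audit is an added example, not code from ReasonLabs or from the campaign. It assumes the extensions are pinned through the Chrome and Edge `ExtensionInstallForcelist` policy registry keys, a mechanism the article itself does not name; the function name `Get-ForcedExtension` is hypothetical.

```powershell
# Added example: audit Chrome/Edge policy keys for force-installed extensions.
# Assumption: the hard-to-remove extensions are pinned through the browsers'
# ExtensionInstallForcelist policy; the article does not name the mechanism.

# Official store update endpoints; anything else is worth a closer look.
$storeUrls = @(
    'https://clients2.google.com/service/update2/crx',
    'https://edge.microsoft.com/extensionwebstorebase/v1/crx'
)

# Machine-wide and per-user policy locations for both browsers.
$policyKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    "$hive\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"
    "$hive\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist"
}

function Get-ForcedExtension {
    param([string[]]$Path = $policyKeys)
    foreach ($key in $Path) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Each value is "<extension id>" or "<extension id>;<update URL>".
            $id, $url = ([string]$item.GetValue($name)) -split ';', 2
            [pscustomobject]@{
                PolicyKey   = $key
                ExtensionId = $id.Trim()
                UpdateUrl   = $url
                # No URL means the browser's default store is used.
                FromStore   = (-not $url) -or ($storeUrls -contains $url.Trim())
            }
        }
    }
}

$found = @(Get-ForcedExtension)
if ($found.Count -eq 0) {
    'No force-installed extensions are configured by policy.'
} else {
    # Entries with FromStore = False sort first.
    $found | Sort-Object FromStore | Format-Table -AutoSize -Wrap
}
```

On a personal PC that no organization manages, any entry returned here deserves review, since these keys are normally written only by enterprise administration tooling.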
ReasonLabs experts emphasize the importance of downloading software only from official websites and using antivirus software to check downloaded files. Users should remain vigilant and avoid downloading software from unreliable sources.
Google and Microsoft have been notified of the issue and are taking steps to remove malicious extensions from their stores. Nonetheless, attackers continue to update their scripts to evade detection by antivirus programs and perpetuate their malicious activities.
To prevent the installation of malicious extensions, it is recommended to regularly update antivirus software and be cautious when downloading programs from the internet. It is crucial to check reviews and ratings of websites before downloading any files from them. This helps protect devices from such threats and keeps personal data safe.