More than 300,000 Google Chrome and Microsoft Edge users have been impacted by a massive ongoing malware campaign involving malicious browser extensions that facilitate data exfiltration and command execution while bypassing antivirus tools, reports BleepingComputer.
Malvertising in Google search results has been used to lure victims into downloading fraudulent software installers, including a YouTube downloader, Roblox FPS Unlocker, and the VLC video player, which run a PowerShell script that retrieves and executes payloads and forces the installation of extensions, all of which have since been removed from the Chrome and Edge stores, according to a report from ReasonLabs. The extensions have been used to hijack search queries and redirect users to revenue-generating pages, as well as to steal login credentials, track online activity, and execute commands. Aside from altering browser shortcut links to load the extensions, the payloads also block further security updates, said the researchers, who noted that infections can be remediated only through a multi-step process involving the removal of a scheduled task, malicious registry entries, and malware files.
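For incident responders checking hosts for the artifacts described above, here is an added audit script; it is not code from the BleepingComputer or ReasonLabs reporting. It reports, without changing anything, three things a practitioner would want to see: browser shortcuts whose arguments load an extension from disk, scheduled tasks whose action launches PowerShell, and any force-installed extension policy. Two assumptions are mine, not the page's: that the rewritten shortcuts use Chromium's `--load-extension` switch, and that forced installation went through the `ExtensionInstallForcelist` policy key. The page names neither the switch nor the specific registry entries, so every hit is a lead to inspect by hand, not proof of infection.

```powershell
# Added example (not from the original report): audit a Windows host for artifacts of a
# malicious-extension infection chain. Read-only: it lists findings and removes nothing.
# Assumption: shortcuts carry Chromium's real --load-extension switch and forced installs
# use the ExtensionInstallForcelist policy; the page does not confirm either detail.

$browserExes = @('chrome.exe', 'msedge.exe')

# Folders where per-user and all-user browser shortcuts normally live
$shortcutRoots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')  # taskbar pins live here
) | Where-Object { $_ -and (Test-Path $_) }

$shell = New-Object -ComObject WScript.Shell

function Get-SuspiciousBrowserShortcuts {
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Filter '*.lnk' -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            if (-not $lnk.TargetPath) { return }          # skip shortcuts with no target
            $exe = Split-Path -Leaf $lnk.TargetPath
            # A stock Chrome/Edge shortcut carries no arguments; an extension-loading
            # switch on one is the shortcut-tampering behaviour the report describes.
            if (($browserExes -contains $exe) -and ($lnk.Arguments -match '--load-extension')) {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                }
            }
        }
    }
}

function Get-PowerShellScheduledTasks {
    # The campaign persisted through a scheduled task; list every task whose action
    # launches powershell.exe so an analyst can review the few that are unexpected.
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if ($action.Execute -match 'powershell(\.exe)?$') {
                [pscustomobject]@{
                    TaskPath  = $task.TaskPath
                    TaskName  = $task.TaskName
                    Execute   = $action.Execute
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

function Get-ForcedExtensionPolicies {
    # ExtensionInstallForcelist is the documented policy for silently installing extensions.
    # Whether this campaign used it is an assumption; on an unmanaged home PC any value
    # here is unexpected and worth checking against the extension IDs in the report.
    $policyKeys = @(
        'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
        'HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist',
        'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
        'HKCU:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist'
    )
    foreach ($key in $policyKeys) {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            $props.PSObject.Properties |
                Where-Object { $_.Name -notmatch '^PS' } |   # drop PowerShell's own metadata
                ForEach-Object {
                    [pscustomobject]@{ Key = $key; Name = $_.Name; Value = $_.Value }
                }
        }
    }
}

'== Browser shortcuts passing --load-extension =='
Get-SuspiciousBrowserShortcuts -Roots $shortcutRoots | Format-Table -AutoSize

'== Scheduled tasks that launch PowerShell =='
Get-PowerShellScheduledTasks | Format-Table -AutoSize

'== Force-installed extension policy entries =='
Get-ForcedExtensionPolicies | Format-Table -AutoSize
```

Run it in an elevated PowerShell session so `Get-ScheduledTask` and the HKLM policy keys are readable. The script deliberately stops at reporting: the report describes remediation as a multi-step removal of a task, registry entries, and files, and which specific entries to delete should be decided from the findings on the host, not hard-coded from a news summary that does not name them.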