Hackers have developed powerful malware that steals personal data

by times news cr

The software is hosted on malicious websites that mimic legitimate software from sites like YouTube and Roblox, and it targets the popular browsers Chrome and Edge.

When victims download the malware, it allows the attackers to gain access to the user’s personal information, which may include bank details.

Experts explained that this malware is particularly dangerous because it cannot be removed by simply deleting the file: it is reinstalled every time the computer is restarted.

According to ReasonLabs, the company that exposed the attack, at least 300,000 people have fallen victim to this malware since 2021.

Kobi Kalif, CEO and co-founder of ReasonLabs, said: “This newly discovered malware campaign is just the latest example of how cybercriminals are targeting consumers in the digital space. Our research team continues to work to combat these threats and provide users with the tools, knowledge and information to protect themselves online. We alerted Google and Microsoft as soon as we became aware of this issue, and they are taking appropriate action.”

People unknowingly downloaded software thinking they were installing a Chrome extension, but instead loaded a PowerShell script onto their computer.

The script connects the victim’s computer to the hacker’s remote server and allows the hacker to forcibly install the malware on Chrome and Edge.

Once an extension is installed on a device, “the user cannot remove it, even if developer mode is enabled,” ReasonLabs said.

Hackers can then gain access to user queries on sites like Ask.com, Bing and Google, and thereby gain access to the user’s data.

How to identify malware

Users can identify the malware by a name that looks like “c:/windows/system32” and a PowerShell script that ends with “.ps1”.

To find it, users should open Task Scheduler from the Start menu and open the Task Scheduler Library option to display all the “tasks” installed on the computer.

To find detailed information about a file, the user should click Actions, followed by the File Information option.

How to remove malware

According to ReasonLabs, “newer versions of the app script remove browser updates.”

Fortunately, if you don’t want to upgrade Chrome or Edge to a newer version, there is a way to manually remove the malware from your computer completely, although it’s a lengthy process.

After identifying which “tasks” are malware, users need to remove the registry keys that force the computer to reinstall the software and continue to run it in the background.

Select the Registry Editor option from the Start menu, right-click on the Chrome extension key Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist and select Delete.

Users will also need to delete the following extension key: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Google\Chrome\ExtensionInstallForcelist.

You will need to repeat these steps for the Edge extension at Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstall.
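The identification steps above can also be run as a read-only check from PowerShell. This is an added example, not code from ReasonLabs or the original article: it lists scheduled tasks that launch a .ps1 script under System32 and the entries in the forced-install extension policy keys, and it deletes nothing. The Edge key name ExtensionInstallForcelist is an assumption (the article gives the Edge path as ending in ExtensionInstall).

```powershell
# Added example: read-only audit. It reports findings and changes nothing.

# 1. Scheduled tasks whose action runs a .ps1 script located under System32.
$suspectTasks = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only "execute" actions carry Execute/Arguments; other types give empty strings.
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match 'system32[\\/][^"]*\.ps1') {
            [pscustomobject]@{
                TaskName = $task.TaskName
                TaskPath = $task.TaskPath
                Command  = $cmd.Trim()
            }
        }
    }
}

# 2. Forced-install extension policy keys named in the article.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKLM:\SOFTWARE\WOW6432Node\Policies\Google\Chrome\ExtensionInstallForcelist',
    # Assumption: Edge counterpart of the Chrome key (the article's path ends in "ExtensionInstall").
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist'
)
$forcedExtensions = foreach ($key in $policyKeys) {
    if (Test-Path $key) {
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Value = $item.GetValue($name) }
        }
    }
}

'Scheduled tasks running a .ps1 script from System32:'
$suspectTasks | Format-Table -AutoSize -Wrap
'Force-installed extension policy entries:'
$forcedExtensions | Format-Table -AutoSize -Wrap
```

Run it from an administrator PowerShell window so that all scheduled tasks are visible. On a computer managed by an employer, these policy keys can also hold entries set by an administrator, so review each entry before removing anything.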

Adapted from the Daily Mail.

2024-08-14 12:56:39
