The Malware Kill Chain
Malicious Google Chrome extensions are one of the most common ways cyber-criminals spread malware.
Although Google has removed all the malicious extensions, if you have installed any of them, you should immediately uninstall them and change the passwords for your Facebook, Instagram and other accounts where you use the same credentials.
List of Malicious Chrome Extensions
Here’s the list of the malicious extensions:
1. Nigelify
2. PwnerLike
3. Alt-j
4. Fix-case
5. Divinity 2 Original Sin: Wiki Skill Popup
6. Keeprivate
7. iHabno
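To check whether any extension named in the list above is still installed, the following added example (not part of the original article) scans a Chrome profile's Extensions directory and resolves localized `__MSG_...__` manifest names before matching. The function names and the sample data are assumptions made for illustration, and matching is by display name because the article gives names rather than extension IDs.

```python
import json
import sys
import tempfile
from pathlib import Path

# Names from the list in this article, lowercased for case-insensitive matching.
LISTED_NAMES = {"nigelify", "pwnerlike", "alt-j", "fix-case", "keeprivate", "ihabno",
                "divinity 2 original sin: wiki skill popup"}

def load_json(path):
    """Parse a JSON object from a file; return {} if it is missing or malformed."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def display_name(version_dir, manifest):
    """Resolve the manifest name, following Chrome's __MSG_key__ localisation."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    path = version_dir / "_locales" / str(manifest.get("default_locale", "en")) / "messages.json"
    for msg_key, entry in load_json(path).items():  # message keys are case-insensitive
        if msg_key.lower() == name[6:-2].lower() and isinstance(entry, dict):
            return str(entry.get("message", name))
    return name

def find_listed_extensions(extensions_root):
    """Return (extension_id, version, name) for installed extensions on the list."""
    hits = []
    for manifest_path in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        version_dir = manifest_path.parent
        name = display_name(version_dir, load_json(manifest_path))
        if name.strip().lower() in LISTED_NAMES:
            hits.append((version_dir.parent.name, version_dir.name, name))
    return hits

def write_sample(root, ext_id, manifest, messages):
    """Create one constructed extension folder (sample data, not a real extension)."""
    vdir = Path(root) / ext_id / "1.0_0"
    (vdir / "_locales" / "en").mkdir(parents=True)
    (vdir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    (vdir / "_locales" / "en" / "messages.json").write_text(json.dumps(messages), encoding="utf-8")

if __name__ == "__main__":  # with no argument, scans one constructed sample extension
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:
        write_sample(root, "a" * 32, {"name": "__MSG_appName__"}, {"appName": {"message": "Nigelify"}})
    print(find_listed_extensions(root))
```

For the default profile, pass `~/.config/google-chrome/Default/Extensions` on Linux or `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions` on Windows. A name match is a lead to review and remove, not proof on its own.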
Once the extension is installed in the Chrome browser, malicious JavaScript is executed that downloads the initial configuration from the C2.
Configuration File
Afterwards, a set of requests is deployed, each with its own purpose and triggers.
Communication Protocol
The malware depends on Chrome and runs on both Windows and Linux.
Malware Capabilities:
1. Data Theft
2. Facebook Propagation
3. YouTube Fraud
4. Cryptocurrency Mining
5. Persistency @Google