Threat Management

Novel Chrome botnet detailed

A novel browser botnet, Cloud9, uses malicious Chrome extensions to carry out online account theft, keystroke logging, ad and malicious JavaScript injection, and distributed denial-of-service attacks, BleepingComputer reports. According to a report from Zimperium, threat actors have been spreading Cloud9 through fake Adobe Flash Player updates; the extension bundles JavaScript files for system information collection, cryptocurrency mining, DDoS execution, and script injection. By exfiltrating cookies from compromised browsers, Cloud9 enables session hijacking and account takeover; a keylogger captures passwords and other sensitive data, and a clipper module watches the clipboard for copied credit card numbers and passwords. Cloud9 was also observed executing layer 7 DDoS attacks, which Zimperium said are "very hard to detect." Zimperium tied Cloud9 to the Keksec malware operation, noting that the campaign reuses C2 domains seen in earlier Keksec attacks.
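As an added example (not code from SC Media, BleepingComputer, or Zimperium's report), the script below triages Chrome extension manifests for the capability profile described above: the cookies permission needed for session theft, broad host access, page-wide content scripts of the kind a keylogger or ad injector relies on, and an install source other than the Chrome Web Store, which is where a fake-update lure would leave an extension. The two manifests are constructed for the example; the Web Store update URL is the one Chrome records for store-installed extensions, and the on-disk layout assumed is the standard Default/Extensions/<id>/<version>/manifest.json.

```python
"""Triage Chrome extension manifests for a Cloud9-style capability profile.

Added example, not code from SC Media, BleepingComputer or Zimperium.
The sample manifests below are constructed for illustration only."""
import json
import sys
from pathlib import Path

# Chrome writes this update_url into manifests of Web-Store-installed extensions.
WEB_STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

# API permissions that, combined, give an extension the reach described above.
RISKY_API_PERMISSIONS = {
    "cookies": "can read every cookie (session hijacking / account takeover)",
    "webRequest": "can observe all HTTP(S) requests",
    "webRequestBlocking": "can modify or redirect requests (ad / script injection)",
    "tabs": "can enumerate and drive open tabs",
    "scripting": "can inject JavaScript into pages on demand",
    "debugger": "can attach the DevTools protocol to any tab",
    "nativeMessaging": "can talk to a native helper binary",
}

BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def _broad(patterns) -> bool:
    """True if any match pattern covers every site."""
    return any(p in BROAD_HOST_PATTERNS for p in patterns)


def assess(manifest: dict) -> list[str]:
    """Return human-readable findings for one manifest.json (MV2 or MV3)."""
    findings = []
    # MV2 mixes API and host permissions in "permissions"; MV3 splits them out.
    perms = set(manifest.get("permissions", []))
    hosts = set(manifest.get("host_permissions", [])) | {
        p for p in perms if "/" in p or p == "<all_urls>"
    }
    api = perms - hosts

    for p in sorted(api & set(RISKY_API_PERMISSIONS)):
        findings.append(f"permission {p}: {RISKY_API_PERMISSIONS[p]}")
    if _broad(hosts):
        findings.append("broad host access: applies the above to every site")

    # A content script matched on every page is how a keylogger or ad injector
    # gets into the DOM; document_start runs before the page's own scripts.
    for cs in manifest.get("content_scripts", []):
        if cs.get("js") and _broad(cs.get("matches", [])):
            when = cs.get("run_at", "document_idle")
            note = " (before page scripts; where a keylogger would hook input)" \
                if when == "document_start" else ""
            findings.append(f"content script injected into every page at {when}{note}")

    if manifest.get("update_url") != WEB_STORE_UPDATE_URL:
        findings.append("not installed from the Chrome Web Store (sideloaded or developer-loaded)")
    return findings


def scan_profile(profile_dir: str) -> dict[str, list[str]]:
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and assess each."""
    results = {}
    for mf in Path(profile_dir, "Extensions").glob("*/*/manifest.json"):
        ext_id = mf.parents[1].name
        try:
            results[ext_id] = assess(json.loads(mf.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError) as exc:
            results[ext_id] = [f"unreadable manifest: {exc}"]
    return results


# Constructed sample manifests (not real extensions).
BENIGN = {
    "manifest_version": 3,
    "name": "Example Dictionary",
    "permissions": ["storage"],
    "host_permissions": ["https://dictionary.example/*"],
    "update_url": WEB_STORE_UPDATE_URL,
}

SUSPICIOUS = {  # mimics a sideloaded "Flash update" lure; no update_url at all
    "manifest_version": 2,
    "name": "Flash Player Update",
    "permissions": ["cookies", "tabs", "webRequest", "webRequestBlocking", "<all_urls>"],
    "content_scripts": [
        {"matches": ["<all_urls>"], "js": ["inject.js"], "run_at": "document_start"}
    ],
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. ".../Google/Chrome/User Data/Default"
        for ext_id, findings in scan_profile(sys.argv[1]).items():
            print(ext_id, *findings, sep="\n  ")
    else:
        for m in (BENIGN, SUSPICIOUS):
            print(m["name"], *(assess(m) or ["no findings"]), sep="\n  ")
```

Run it against a live profile directory to list every installed extension with its findings; an extension that is both sideloaded and combines cookies, webRequestBlocking and an all-sites content script deserves manual review of its JavaScript, since that is exactly the permission set the cookie theft, keylogging and injection described above require.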
