Windows 10 targeted by Chrome-exploiting malware campaign

Threatpost reports that threat actors are targeting Windows 10 users with a new malware campaign that delivers its payload through a compromised website viewed in Google Chrome, with the aim of exfiltrating sensitive data and cryptocurrency. The malware bypasses User Account Control to complete infection and achieves persistence through the abuse of "a Windows environment variable and a native scheduled task to ensure it persistently executes with elevated privilege," said Rapid7 Research Analyst Andrew Iwamaye. Rapid7 researchers also found that the malware prevents browser updates and sets up the conditions for arbitrary command execution. "The malware we summarized in this blog post has several tricks up its sleeve. Its delivery mechanism via an ad service as a Windows application (which does not leave typical web-based download forensic artifacts behind), Windows application installation path, and UAC bypass technique by manipulation of an environment variable and native scheduled task can go undetected by various security solutions or even by a seasoned SOC analyst," Iwamaye wrote.
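The pattern Iwamaye describes, an environment variable paired with a native scheduled task, can be hunted for on an endpoint without knowing which variable or task a given sample uses. The PowerShell below is an added example, not code from SC Media, Threatpost or Rapid7: it lists per-user environment variables that shadow machine-wide ones, lists built-in scheduled tasks that run elevated and expand a %VARIABLE% in their command line, and reports the intersection. The registry paths and cmdlets are standard Windows; the specific variable and task the campaign abused are not named in the article, so the check is deliberately generic.

```powershell
# Added example; not code from the SC Media article, Threatpost, or Rapid7.
# Hunts for the persistence/UAC-bypass pattern described above: a per-user
# environment variable that shadows a machine-wide one, paired with a scheduled
# task that runs with highest privileges and resolves an environment variable
# in its command line at launch. The article does not name the variable or the
# task, so nothing here is tied to one specific bypass.

$machineKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
$userKey    = 'HKCU:\Environment'

$machineEnv = Get-ItemProperty -Path $machineKey
$userEnv    = Get-ItemProperty -Path $userKey -ErrorAction SilentlyContinue

# Get-ItemProperty adds these provider properties; they are not registry values.
$providerMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# 1. Per-user variables that collide with machine-wide ones. HKCU\Environment is
#    writable without admin rights, and for most names the user value wins when a
#    process in that user's session expands %NAME%, so a collision can redirect a
#    trusted-looking path to attacker-controlled content.
$shadowed = @()
if ($userEnv) {
    foreach ($prop in $userEnv.PSObject.Properties) {
        if ($providerMeta -contains $prop.Name) { continue }
        if ($machineEnv.PSObject.Properties.Name -contains $prop.Name) {
            $shadowed += [pscustomobject]@{
                Name         = $prop.Name
                UserValue    = $prop.Value
                MachineValue = $machineEnv.($prop.Name)
            }
        }
    }
}

# 2. Scheduled tasks that run elevated and whose action text contains a
#    %VARIABLE% reference, i.e. the command line is resolved from the
#    environment when the task fires.
$envRef = '%[A-Za-z_][A-Za-z0-9_()]*%'
$elevatedEnvTasks = @(Get-ScheduledTask | Where-Object {
    $_.Principal.RunLevel -eq 'Highest' -and
    ($_.Actions | Where-Object { "$($_.Execute) $($_.Arguments)" -match $envRef })
})

# 3. Cross-reference: an elevated task that expands a variable this user has
#    shadowed is the combination worth escalating to an analyst.
$hits = foreach ($task in $elevatedEnvTasks) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        foreach ($s in $shadowed) {
            if ($cmd -match ('%' + [regex]::Escape($s.Name) + '%')) {
                [pscustomobject]@{
                    Task         = "$($task.TaskPath)$($task.TaskName)"
                    CommandLine  = $cmd
                    Variable     = $s.Name
                    UserValue    = $s.UserValue
                    MachineValue = $s.MachineValue
                }
            }
        }
    }
}

Write-Host "Per-user variables shadowing machine-wide ones: $($shadowed.Count)"
$shadowed | Format-Table -AutoSize
Write-Host "Elevated tasks whose command line expands an environment variable: $($elevatedEnvTasks.Count)"
$elevatedEnvTasks |
    Select-Object TaskPath, TaskName,
        @{ n = 'Command'; e = { ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; ' } } |
    Format-Table -AutoSize
Write-Host "Shadowed variable referenced by an elevated task (investigate):"
$hits | Format-Table -AutoSize
```

Run it in the session of the user whose machine is suspect, since HKCU is per user. On a clean workstation the first list is normally empty, so any entry deserves a look even if no elevated task currently references it. The same logic scales to a fleet as a registry-write detection: a Sysmon Event ID 13 (RegistryEvent, value set) rule on HKCU\Environment catches the write at the moment of infection rather than at the next hunt.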
