Novel widespread click fraud campaign uncovered

Threat actor DEV-0796 has deployed malicious browser extensions in an ongoing widespread click fraud campaign targeted at gamers, according to The Hacker News. Such attacks seek to monetize browser node-webkit- or malicious browser extension-generated clicks, reported Microsoft Security Intelligence. Microsoft noted that DEV-0796 begins the attack using an ISO file downloaded from malicious YouTube ads or comments and opening the file, which purports to be cheats for the first-person shooter game Krunker, would prompt the installation of either the NW.js browser node-webkit or a browser extension. The report also showed the utilization of DMG files used for software distribution in macOS, suggesting that various operating systems are being targeted by DEV-0796. Gaming cheats have also recently been used as a lure in a separate campaign reported by Kaspersky. "Malware and unwanted software distributed as cheat programs stand out as a particular threat to gamers' security, especially for those who are keen on popular game series," said Kaspersky.