Malvertising attack distributes malicious Chrome extensions, backdoors

Researchers believe that the campaign has been active since 2018 and that the malware has been under constant development since then.

Cisco Talos researchers have identified malvertising campaigns using fake installers of popular games and applications, such as WeChat, Viber, Battlefield, and NoxPlayer, to lure users into downloading an undocumented, malicious Google Chrome extension and a backdoor.

A security researcher alerted Google to the malvertising campaign in Aug 2021.

The objective is to steal data and credentials from the compromised system and maintain remote access. Cisco Talos researchers named this campaign Magnat because the malware payloads are tied to an unidentified actor using the alias Magnat.

About the Attack

Researchers believe that the campaign has been active since 2018 and that the malware has been under constant development since then. The attacks distribute two forms of undocumented custom-made malware.

According to researchers, victims are lured through malvertising, which involves malicious online ads, to download fake installers onto their systems. Instead of the advertised software, these installers install three forms of malware, including a password stealer, a malicious browser extension, and a backdoor.

These enable keylogging and

Read More: https://www.hackread.com/malvertising-malicious-chrome-extensions-backdoors/