Researchers uncover Cloud9, a new botnet for phishing on Google Chrome


With the phishing campaign known as Cloud9, threat actors have brought "cloud nine" to Google Chrome users instead of taking them there. The Cloud9 Chrome browser botnet steals online accounts, logs keystrokes, injects ads and malicious JavaScript code, and launches DDoS attacks from the victim's browser.

Cloud9 is a botnet, a network of compromised computers controlled by a group of hackers, which lets them remotely access any machine in it, including all of its data, and use it for any purpose. Instead of installing a Trojan on victims' computers, the operators used a malicious extension for Google Chrome and any other Chromium-based browser, distributed through the Chrome Store. The extension posed as a Flash plugin that would let the browser load that type of content.

The vulnerabilities exploited are CVE-2019-11708 and CVE-2019-9810 in Firefox, CVE-2014-6332 and CVE-2016-0189 in Internet Explorer, and CVE-2016-7200 in Edge.

Once the plugin is installed, it joins the botnet and waits for orders from its operators. The hackers can then steal online accounts, record every keystroke, and inject ads and malicious JavaScript code without arousing the user's suspicion. They also use infected computers to launch distributed denial-of-service (DDoS) attacks.

Even without the Windows malware component, the Cloud9 extension can steal cookies from the compromised browser and be used to hijack valid user sessions and take over accounts.
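The capability set described above (an extension posing as a Flash plugin, with enough browser access to read cookies and inject scripts) can be audited from the extension manifests on disk. The following is an added example, not code from the article or from the botnet; the permission lists and the sample manifest are constructed for illustration, and the Extensions directory path is the one you would supply for your own Chrome profile.

```python
import json
import os
import tempfile

# Permissions that, combined with broad host access, enable the session-cookie
# theft and JavaScript injection attributed to Cloud9 (MV2 and MV3 names).
RISKY_PERMISSIONS = {"cookies", "webRequest", "webRequestBlocking", "scripting", "tabs"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Flash reached end of life in 2020; an extension claiming to provide it is suspect.
FLASH_MARKERS = ("flash", "shockwave")

def assess_manifest(manifest: dict) -> dict:
    perms = set(manifest.get("permissions", []))
    # MV2 lists host patterns under "permissions"; MV3 uses "host_permissions".
    hosts = set(manifest.get("host_permissions", [])) | {p for p in perms if "://" in p or p == "<all_urls>"}
    for cs in manifest.get("content_scripts", []):
        hosts.update(cs.get("matches", []))
    text = " ".join(str(manifest.get(k, "")) for k in ("name", "description")).lower()
    findings = {
        "name": manifest.get("name", "?"),
        "risky_permissions": sorted(perms & RISKY_PERMISSIONS),
        "broad_host_access": bool(hosts & BROAD_HOSTS),
        "poses_as_flash": any(m in text for m in FLASH_MARKERS),
    }
    findings["suspicious"] = findings["poses_as_flash"] or (
        findings["broad_host_access"] and bool(findings["risky_permissions"]))
    return findings

def scan_extensions_dir(extensions_dir: str) -> list:
    # Walks <profile>/Extensions/<id>/<version>/manifest.json and assesses each one.
    results = []
    for root, _dirs, files in os.walk(extensions_dir):
        if "manifest.json" in files:
            with open(os.path.join(root, "manifest.json"), encoding="utf-8") as fh:
                try:
                    results.append(assess_manifest(json.load(fh)))
                except json.JSONDecodeError:
                    results.append({"name": root, "suspicious": False, "error": "unparseable manifest"})
    return results

# Constructed sample (not a real Cloud9 artifact): a fake "Flash" extension.
SAMPLE_MANIFEST = {"manifest_version": 3, "name": "Adobe Flash Player Update", "version": "1.0",
                   "permissions": ["cookies", "scripting", "tabs"], "host_permissions": ["<all_urls>"]}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ext = os.path.join(tmp, "abcdefghijklmnop", "1.0_0")
        os.makedirs(ext)
        with open(os.path.join(ext, "manifest.json"), "w", encoding="utf-8") as fh:
            json.dump(SAMPLE_MANIFEST, fh)
        print(*scan_extensions_dir(tmp), sep="\n")
```

Point `scan_extensions_dir` at the `Extensions` folder of a real profile (for example `~/.config/google-chrome/Default/Extensions` on Linux) to audit installed extensions; a hit only warrants review, since legitimate extensions also request these permissions.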

The malicious Chrome extension is not available on the official Chrome Web Store, but it is disseminated through other channels, such as websites that promote fake Adobe Flash Player updates.

The sources for this piece include an article in BleepingComputer.

