Hacking campaign spreading malware through Chrome extensions
Researchers have tracked a hacking campaign spreading malware through breached websites and Chrome extensions.
The campaign has been active since November 2022.
The infection chain starts with malicious JavaScript code injected into a breached website, which activates scripts when a user visits the site.
If a targeted visitor browses the site, the scripts display a fake Google Chrome error screen that convinces users to launch a bogus update, supposedly to improve their user experience.
When activated, the script automatically downloads a ZIP file disguised as a Chrome update.
This ZIP file contains a Monero miner that will use the infected device's CPU to mine the Monero cryptocurrency for the threat actors.