Google Chrome users are being warned to update their app as a malicious extension is circulating that can siphon money from bank accounts.
The extension, called Cloud9, allows hackers to gain access to personal accounts and steal information available during a browser session.
Security firm Zimperium says Cloud9 can also install malware on a user’s device, meaning hackers can remotely control the device and steal user passwords and credit card information.
The extension is not available in the official Chrome Web Store, but it spreads through channels such as websites promoting fake Adobe Flash Player updates.
The dangerous extension comes from the Keksec malware group, which was originally created in 2016.
The number of victims affected by the malware is unknown at this time, but the group “targets all browsers and operating systems,” according to Zimperium.
Zimperium researcher Nipun Gupta said in a report: “We found several screenshots from a hacker forum where the threat actor is showing off the victims he is attacking. The Cloud9 botnet is being sold either for free or for a few hundred dollars on various hacker forums.”
“Because it’s quite trivial to use and freely available, it can be used by many malware groups or individuals for specific purposes.”
Microsoft Edge users may be affected
The threat is a problem not only for Chrome users but also for users of Microsoft Edge, which uses the same technology behind the scenes.
Bleeping Computer, a website that covers technology news and offers free computer help, said on its website that “even without a Windows malware component, the Cloud9 extension can steal cookies from a compromised browser, which threat actors can use to steal valid user sessions and take over accounts.”
The website added: “The malware contains a keylogger that can snoop on keystrokes and steal passwords and other sensitive information. Also present in the extension is a ‘clipper’ module that constantly monitors the system clipboard for copying passwords or credit cards.
“Cloud9 may also insert ads by silently loading web pages to generate ad impressions and thus revenue for its operators.”
What did Google recommend?
Google told Bleeping Computer: “We always recommend that users update to the latest version of Google Chrome to ensure they have the most up-to-date security protection. Users can also stay better protected from malicious executables and websites by enabling Enhanced Privacy Protection and security settings in Chrome.
“Enhanced protection automatically warns you about potentially risky sites and downloads and checks the safety of your downloads and warns you when a file may be dangerous.”