Beware of Installing Extensions from Outside the Chrome Web Store

A new malicious Google Chrome and Microsoft Edge browser botnet named ‘Cloud9’ is infecting systems across the world. Users are unknowingly installing this botnet via malicious extensions downloaded from outside the Chrome Web Store. More commonly, users are blindly installing an update to Adobe Flash Player via a malicious, fake pop-up when visiting certain disreputable sites. As a reminder, in case you were not aware, Adobe ended support for Flash Player nearly two years ago, on December 30, 2020. Also, Google Chrome had its own built-in Flash Player support, which did not require the user to install any plugins.

The malicious Chrome extension isn’t available on the official Chrome Web Store but is instead circulated through alternative channels, such as websites pushing fake Adobe Flash Player updates.

The malicious browser extension on Chrome (Zimperium)

The first thing I noticed about the extension screenshot above was the misspelled name: Adob flash player. So how bad is this botnet? Real bad… it can:

Steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the victim’s browser in DDoS attacks.

This is why it is so important to always install Chrome and Edge extensions from the Chrome Web Store. Also, never ever attempt to install an Adobe Flash Player update. Adobe Flash is dead (replaced by HTML5), and the plugins of Chromium browser (Chrome and Edge) users would never have been out of date.
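
One way to check a Chrome or Edge profile for extensions that did not come from the Chrome Web Store, or that pose as Flash Player (an added example, not part of the original post). It assumes the profile's `Preferences` or `Secure Preferences` JSON file keeps extension records under `extensions.settings` with `from_webstore`, `location` and `manifest.name` fields, and that location values 4, 5 and 10 mean unpacked, component and external component; the function names and sample data are constructed for illustration.

```python
import json
import re

# Assumption: Chromium ManifestLocation values (4 = unpacked, 5/10 = built-in components).
UNPACKED = 4
BUILTIN_LOCATIONS = {5, 10}
FLASH_NAME = re.compile(r"flash\s*player", re.IGNORECASE)


def audit_extensions(prefs):
    """Return one finding per extension that looks sideloaded or poses as Flash Player."""
    findings = []
    settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, entry in settings.items():
        if not isinstance(entry, dict) or entry.get("location") in BUILTIN_LOCATIONS:
            continue  # skip malformed records and components shipped with the browser
        name = str((entry.get("manifest") or {}).get("name", "<unknown>"))
        reasons = []
        if not entry.get("from_webstore", False):
            reasons.append("not installed from the Chrome Web Store")
        if entry.get("location") == UNPACKED:
            reasons.append("loaded unpacked from a local folder")
        if FLASH_NAME.search(name):
            reasons.append("poses as Flash Player, which Adobe no longer supports")
        if reasons:
            findings.append({"id": ext_id, "name": name, "reasons": reasons})
    return findings


def audit_profile_file(path):
    """Audit a profile's Preferences or Secure Preferences file (path supplied by the caller)."""
    with open(path, encoding="utf-8") as fh:
        return audit_extensions(json.load(fh))


# Constructed sample data: the IDs and entries below are made up for illustration.
SAMPLE_PREFS = {"extensions": {"settings": {
    "a" * 32: {"from_webstore": True, "location": 1,
               "manifest": {"name": "Example Password Manager"}},
    "b" * 32: {"from_webstore": False, "location": 4,
               "manifest": {"name": "Adob flash player"}},
    "c" * 32: {"from_webstore": False, "location": 5,
               "manifest": {"name": "Built-in PDF Viewer"}},
}}}

if __name__ == "__main__":
    for finding in audit_extensions(SAMPLE_PREFS):
        print(finding["id"], finding["name"], "; ".join(finding["reasons"]))
```

Any finding is a prompt to review the extension on the browser's extensions page and remove it if it was not installed deliberately.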

via BleepingComputer