News Targeted


Category: Google|Feb 28, 2017 | Author: Admin

Chrome Users Forced By Websites to Install Extension Before Leaving

Share on

A recently found malvertising campaign is targeting the Chrome users and redirecting them to websites which they can’t leave without installing a malicious Chrome extension.

A recently found malvertising campaign is targeting the Chrome users and redirecting them to websites which they can’t leave without installing a malicious Chrome extension.

While this is not exactly a common practice among the malvertising, which generally redirects the users to places where a stronger malware can be delivered, including adware, ransomware, banking trojans.

The expert from Malwarebytes, Jérôme Segura said that these recent malvertising campaigns are targeting Chrome users and redirecting them to other scam sites, rather traditionally redirecting to malware-ridden sites.

Segura wrote saying,”This malvertising flow (an XML feed) demonstrates how the user is redirected to a fake site which is forcing them to install a Google Chrome extension. Enticing may, in fact be a euphemism, since in this case user is giving no choice other than to ‘Add Extension to Leave’, while their browser is just stuck in a never ending loop of those fullscreen modes,” Segura writes.

So what will happen once this extension is installed? It will make sure that it stays in hiding by using a 1×1 pixel image as the logo, which becomes a blank space next to the Chrome menu, where extensions are generally present. It also hooks the chrome://settings and chrome://extensions in such a way that any attempts to access these is automatically redirected to chrome://apps so that users cannot get the extension uninstalled.

The bad stuff is in a couple of JavaScript files. One has a connection to a command & control server where it can receive instructions on what to do next.

“The perpetrators behind this extension are checking for certain keywords within the current URL and blocking/redirecting if the conditions are met. For instance, if the user tries to visit the Malwarebytes website, the browser will immediately get redirected, first to a YouTube video, and then to one of various Potentially Unwanted Programs (PUPs), get-rich-quick schemes, and various other scams,” the blog reads.

Sponsored Ads:

Comments:

Previous article >


Can force Facebook to allow it

Category: IT|May 5, 2024 | Author: Admin

Siri can no longer tell the clock

Category: Apple|May 4, 2024 | Author: Admin

Struggling with VPN

Category: Microsoft|May 3, 2024 | Author: Admin

This is how Huawei tricked its way into the US

Category: IT|May 2, 2024 | Author: Admin

Edge 125 arrives in Beta with sleeping tab improvements and other changes

Category: IT|May 1, 2024 | Author: Admin

Now the iPad opens

Category: Apple|Apr 30, 2024 | Author: Admin

Woke up locked out of Apple ID on iPhone

Category: Apple|Apr 29, 2024 | Author: Admin

Google has a hidden collection of highly-addictive retro games

Category: Google|Apr 28, 2024 | Author: Admin

Google is officially a $2 trillion company

Category: Google|Apr 27, 2024 | Author: Admin

Snowden: “DO NOT use Reddit!”

Category: IT|Apr 26, 2024 | Author: Admin

Popular Google app used by millions set to close in a few weeks

Category: Google|Apr 25, 2024 | Author: Admin

Cheeky, YouTube!

Category: Google|Apr 24, 2024 | Author: Admin

This is the date Apple will reveal new iPads

Category: Apple|Apr 23, 2024 | Author: Admin

Only possible with VPN

Category: IT|Apr 22, 2024 | Author: Admin

Apple sidles into sideloading in the EU

Category: Apple|Apr 21, 2024 | Author: Admin
more