This Chrome Extension Can Steal Passwords, Initiate DDoS Attacks From Your PC

Over 30 years since it was first developed, the web browser continues to be the primary medium through which people browse the internet. Even though the modern-day web browser has found its way into handheld devices like smartphones and tablets, a large chunk of users continues to use them on computers and laptops. Initially designed as a tool to access text-based documents stored on web servers, the browser of today has metamorphosed into a versatile tool capable of running powerful web applications.

Today, the most popular web browser on the planet is Google Chrome, which holds an estimated 65% of the browser market (via Stat Counter). One of the reasons for the massive popularity of this browser is its support for a wide variety of browser extensions. These are nifty software programs that let users add custom features to the browser. Unfortunately, the popularity of browser extensions has resulted in these tools being misused by hackers.

Security analysts working at Zimperium, a cybersecurity company, recently came across a malicious browser extension called Cloud9. If installed on a computer, the Cloud9 malware has the potential to infect it and steal personal information stored on the browser. If left unchecked, Cloud9 could also install another malware on the device, which would then take complete control of the system.

What other harm could the Cloud9 extension cause?

Analysts at Zimperium classify the Cloud9 extension as a remote access trojan (RAT) that possesses a wide variety of functionalities. For example, the extension could steal cookies stored on your browser. It also had a keylogger component, which essentially keeps track of every keystroke you make on the system. The extension could even be used to perpetrate DDoS attacks from the infected PC.

Besides these, this extension also has the ability to execute JavaScript code from third-party sources. Some variants of Cloud9 also had the capability to mine cryptocurrencies from right within the browser using the resources of the victim's computer. During their research, they also chanced upon two separate variants of the malware, including one with even more capabilities and a handful of bug fixes.

While we know very little about the origins of the Cloud9 browser, Zimperium claims that it is the handiwork of the Keksec malware group, which was originally formed in 2016. Thankfully, despite being around for a long time, there are no known victims of the Cloud9 malware. This had a lot to do with the fact that this malicious extension never made it to the Chrome Web Store — or any other web store — thanks to Google's stringent app approval policy. Needless to say, the easiest way to safeguard your system from malicious browser extensions is to stick to tried and tested extensions officially available via the Chrome Web Store or whatever official repository your browser uses.