According to Palo Alto Networks security analysts, a recent adware campaign has been found targeting Google search engine requests through malicious browser extensions.

Palo Alto's threat intelligence reports that, beyond serving malicious advertisements, the malware is widespread and potentially leaks the data of millions of users and organizations. The malware uses a browser extension dubbed ChromeLoader that, according to Palo Alto's research, serves as both adware and an info stealer.

Usually, adware describes software that generates pop-up ads in the browser. In this case, however, the adware is deployed to steal the user's search data without the user's knowledge.

Palo Alto says that the extension installs a listener in the browser, which allows it to intercept incoming and outgoing traffic and check whether a request was sent to a search engine such as bing.com, google.com, or yahoo.com. When a search query is observed, the extension sends the search details to the command-and-control (C2) server used by the cyber criminals, leaking the victim's interests and thoughts.
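Seen from the defensive side, the behaviour described above leaves a trace: the terms typed into Google, Bing or Yahoo reappear shortly afterwards in a request to an unrelated host. The following Python is an added example, not code from Palo Alto's report or from the malware; it scans a proxy-style request log for that pattern. The log format, timestamps and hostnames are constructed assumptions for the example.

```python
"""Flag requests that replay a just-typed search query to a non-search host.
Log format and sample lines are constructed for this example."""
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Search engines named in the report and the parameter each uses for the query.
SEARCH_HOSTS = {"www.google.com": "q", "www.bing.com": "q", "search.yahoo.com": "p"}

def extract_query(url):
    """Return the lower-cased search string if url is a search-engine query."""
    parts = urlsplit(url)
    param = SEARCH_HOSTS.get(parts.hostname)
    if param is None:
        return None
    values = parse_qs(parts.query).get(param)
    return values[0].strip().lower() if values else None

def find_query_leaks(log_lines, window=60):
    """Return (search_query, leak_host) pairs.

    Each line is '<epoch_seconds> <METHOD> <url>'. A hit is a request to a
    non-search host, within `window` seconds of a search, whose decoded URL
    still contains that exact search string.
    """
    recent = []  # (timestamp, query) for every search seen so far
    hits = []
    for line in log_lines:
        ts_str, _method, url = line.split(maxsplit=2)
        ts = float(ts_str)
        query = extract_query(url)
        if query is not None:
            recent.append((ts, query))
            continue
        host = urlsplit(url).hostname
        decoded = unquote_plus(url).lower()
        for seen_ts, seen_query in recent:
            if ts - seen_ts <= window and seen_query in decoded:
                hits.append((seen_query, host))
    return hits

SAMPLE_LOG = [  # constructed sample; hosts are placeholders
    "1700000001 GET https://www.google.com/search?q=quarterly+earnings+report",
    "1700000002 GET https://cdn.example.com/static/app.js",
    "1700000003 POST https://telemetry.example.net/collect?d=quarterly%20earnings%20report&uid=42",
    "1700000010 GET https://search.yahoo.com/search?p=vpn+setup",
    "1700000011 GET https://www.bing.com/search?q=vpn+setup",
]

if __name__ == "__main__":
    for query, host in find_query_leaks(SAMPLE_LOG):
        print(f"search {query!r} reappeared in a request to {host}")
```

Retyping the same query into a second search engine is not flagged, only its reappearance at a host outside the search-engine list; tune `window` and the host list to the environment's own logs.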

ChromeLoader is a multi-stage malware family; Palo Alto's research identified three variants that target Windows systems and others aimed specifically at Mac users.

Malware authors commonly obfuscate their code to cover their tracks; in this case the obfuscation took the form of “switch-case oriented programming”, which made it harder to detect. Despite these efforts, the Palo Alto team was able to identify the adware program and the cybercriminal campaign responsible for these attacks.

By Michael

The writer of Infohaunt is a cyber security professional with experience in SOC operations, threat management, incident response, threat hunting and digital forensics.