Pirated Games Install Malicious Chrome Extensions, Affecting 1.5 Million Users
Security experts from Reason Labs have unearthed a malicious campaign that targeted gamers through pirated versions of popular video games such as ‘Grand Theft Auto,’ ‘Assassins Creed,’ and ‘The Sims 4.’ These games, distributed via torrent sites, came bundled with three rogue Google Chrome extensions named netPlus, netSave, and netWin. The extensions were craftily installed by adding a key to the Windows registry system, a technique that helped evade the users’ notice.
Malicious Extensions Pose as VPN Clients
These deceptive extensions were designed to impersonate VPN clients and carried out a unique form of attack. They disabled any existing cashback plugins in the browser while shopping online and replaced them with their affiliate links. This sinister move redirected any potential refunds from the user to the attackers. The intricate nature of these extensions, with their code running over 20,000 lines, has made comprehensive analysis a daunting task, leaving the full extent of their functionality hitherto unknown.
Wide-Reaching Impact of the Campaign
The campaign potentially impacted up to 1.5 million users, with netPlus being the most prevalent of the three extensions. Approximately 1,000 active torrent sources spewing out the infected game installers were identified. Although primarily targeting Russian-speaking countries like Russia, Ukraine, and Kazakhstan, the global nature of pirated content downloads meant that any user could be at risk.
Removal and User Advisory
Following the discovery, the malicious extensions were promptly removed from the Chrome Web Store. However, they could still linger in users’ browsers. Users, particularly those who download games and software from torrents, are strongly advised to examine their installed extensions meticulously to ensure they haven’t fallen prey to this deceptive campaign.
Pirated Games Distribute Rogue Chrome Extensions: 1.5 Million Users at Risk - BNN Breaking
Read More
No comments:
Post a Comment