News Heading - 1

New Google Chrome Feature to Warn Users About Potential Malicious Extensions

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

In its latest announcement, Google revealed that Chrome users will now be notified about installed extensions that have been removed from the Chrome Web Store, marked as malware, or unpublished by their developer.

Extensions that end up removed or flagged in this way are often created by developers with dubious intent and used for nefarious purposes such as collecting browser data, serving adware, or redirecting users to phishing pages.

In line with its stated commitment to protecting users and strengthening the security of its browser ecosystem, the company is shipping this update as part of Chrome 117.

The "Safety Check" feature, which lives in the "Privacy and Security" section of Chrome's settings, will prompt users to review installed extensions that have been removed from the Chrome Web Store.

According to the announcement, the notification will clear automatically once the issue is resolved. This gives both users and developers time to review and address the problem, and the company hopes it will limit any adverse impact on genuine extensions.

"The notification will not be displayed for an extension when the developer has been notified of a possible violation and has been given time to address the issue or appeal," the statement read. [..] "When a user clicks “Review,” they will be taken to their extensions and given the choice to either remove the extension or hide the warning if they wish to keep the extension installed," it further stated.

Previous versions of Chrome already automatically disabled extensions marked as malware.

Moreover, the company plans to roll out additional safety warnings in Chrome over the coming months: users will be warned when downloading high-risk files, especially over insecure connections.

News Heading - 2

Threat Actors Use a VPN’s Code Signing Certificate to Deploy Cobalt Strike Malware

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

Security researchers have uncovered an espionage campaign targeting the Southeast Asian gambling industry. The campaign, linked to the China-aligned Bronze Starlight ransomware group, abuses legitimate applications vulnerable to DLL hijacking, including components of Adobe Creative Cloud, Microsoft Edge, and McAfee VirusScan.

According to SentinelLabs researchers, the group used these hijacked applications to deploy Cobalt Strike on targeted machines.

The attacks use malware loaders (agentupdate_plugins.exe and AdventureQuest.exe) to deploy .NET executables on targeted machines; these in turn download password-protected zip archives from Alibaba Cloud buckets, and the malicious DLLs used for sideloading are stored inside those archives.

The loaders include a geofencing check intended to stop execution on machines whose IP addresses geolocate to the US, Germany, France, Russia, India, the UK, or Canada. Due to implementation errors, however, the check does not work.

The actors, also tracked as DEV-0401 and SLIME34, additionally use a stolen code signing certificate issued to PMG PTE Ltd, the Singapore-based company behind the Ivacy VPN service. Targeting VPN providers is a common technique among Chinese APT groups, since VPNs give the attackers access to sensitive user information and communications.

The campaign is believed to be part of the activity ESET reported as Operation ChattyGoblin in its quarterly threat report. ESET first identified this series of attacks in March 2023, when Chinese APT groups were seen using trojanized chat applications to target Southeast Asian gambling companies.

"We observed malware and infrastructure likely related to China-aligned activities targeting this sector. The malware and infrastructure we analyze are related to indicators observed in Operation ChattyGoblin and are likely part of the same activity cluster," the report observed.

However, SentinelLabs states that despite observing techniques and tactics specific to Bronze Starlight, it is difficult to attribute the campaign to this group. The report notes that malware and infrastructure management processes are widely shared between Chinese APT groups, which makes "high confidence clustering difficult based on current visibility".