al capone
Experts have identified more than twenty modified extensions, including the popular Frigate Light, Frigate CDN and SaveFrom.
Experts from Kaspersky Lab and Yandex have discovered a large-scale potentially malicious campaign in which attackers inject malicious code into browser extensions. Experts have identified more than twenty modified extensions, including the popular Frigate Light, Frigate CDN and SaveFrom.
Using the malicious code embedded in the extensions, attackers can gain access to users' accounts on one of the popular social networks (the experts do not name it) and, without the users' knowledge, inflate view counts for videos, including advertising, on various sites. In the background, the extensions generate fraudulent traffic by playing videos in hidden tabs and also intercept access tokens for the social network.
According to the experts, the fraudulent scheme runs only while the browser is in active use, and the code itself is equipped with a mechanism to protect against detection. The only thing users could notice was the device slowing down. According to Sergey Golovanov, leading expert at Kaspersky Lab, the number of potential victims of the fraudulent scheme exceeds one million.
Yandex has detected the hidden traffic flow and disabled the extensions in Yandex.Browser. Kaspersky Lab products also block such activity. The results of the two companies' joint investigation have already been passed to the developers of the social network and of the most popular browsers to help them prevent similar attacks in the future.
Anton Mityagin, head of the Internet Security and Fraud Prevention Department at Yandex, explained that the traffic generated by malicious extensions is very difficult to detect, since it is mixed with real user actions. In this case, after noticing suspicious traffic, the company's specialists turned to Kaspersky Lab for help.