
By Cheryl Kahla

Content Strategist


Hackers can access your laptop via Cloud9 Chrome extension – Here’s how

Hackers are using a Chrome extension to control your PC remotely. Here's what you need to know about Cloud9.


There’s a new malicious Google Chrome extension on the Internet block and if you’re not careful, hackers could use Cloud9 to gain access to your computer.

The extension can reportedly log your keystrokes (which it can then use to gain access to your online accounts) and inject ads and malicious JS code.

The malware, first discovered by the Zimperium zLabs team, could also make you the target of a distributed denial-of-service (DDoS) attack.

Cloud9: What you need to know

The browser bot operates as a remote access trojan (RAT) for the Chromium web browser.

This means Chrome and Microsoft Edge browsers are at risk.

How Cloud9 works

You don’t even have to download it from the Chrome extension store; it can find its way onto your computer quite easily if you’re not careful.

Websites created to lure you in will use bogus Adobe Flash Player update notifications to spread the virus and steal cookies.

With this, hackers can easily take over valid user sessions and access your information.

The bot has already been detected in several countries.

Malicious code and keylogging

The bot exploits multiple vulnerabilities to mine cryptocurrency, inject malicious code and install malware – some of which contain keylogger software.

Once this is on your PC, hackers can easily track every keystroke you make, including your login information and passwords.

The Zimperium team warns: “A ‘clipper’ module was also discovered in the extension, which allows the PC to access copied passwords or credit cards”.

Webpages running in background

Remember the ‘injecting malicious code’ part?

So, the Cloud9 creators can generate income by loading advertisement code on webpages running in the background.

This is not necessarily dangerous, unless you’re using a hotspot or any form of billed data, in which case your data will be depleted real fast. Even so, it raises a red flag in terms of access to your PC.

Zimperium traced the origin of the Cloud9 malware to Keksec, a group originally formed in 2016 that is known for mining-based malware and botnets, as well as DDoS.

Take these steps

The easiest way to see if software is running in the background is to head over to Windows Task Manager (just press Ctrl+Alt+Delete) and select the ‘Processes’ tab.

This will return a list of active applications, background processes and other bits of software.

If anything suspicious pops up, do a Google search to see if it has any malware warnings.

You can also go to the ‘Services and Applications’ menu or the ‘Programs’ menu in your Control Panel and sort the list by date installed.

The malware may also appear in the Chrome extension menu as Flash Player 2.3, or Adob Flash Player free download (note: Adob, not Adobe).
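The extension-menu check above can also be scripted. This is an added example, not code from the article or from Zimperium: it walks a browser profile folder and flags any extension whose `manifest.json` carries one of the two names the article reports. The function name `find_reported_extensions` is hypothetical, and it assumes the reported names appear in the manifest's `name` field (optionally followed by the version).

```python
import json
import os
from pathlib import Path

# Extension names as given in the article (matched case-insensitively).
REPORTED_NAMES = ("Flash Player 2.3", "Adob Flash Player free download")


def find_reported_extensions(root, names=REPORTED_NAMES):
    """Return (manifest path, name, version) for manifests matching a reported name."""
    hits = []
    wanted = [n.lower() for n in names]
    for manifest in Path(root).rglob("manifest.json"):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(data, dict):
            continue
        name = str(data.get("name", ""))
        version = str(data.get("version", ""))
        # "Flash Player 2.3" may be name plus version, so match on both joined.
        label = f"{name} {version}".lower()
        if any(w in label for w in wanted):
            hits.append((str(manifest), name, version))
    return sorted(hits)


if __name__ == "__main__":
    # Default Windows profile locations for Chrome and Edge.
    local = os.environ.get("LOCALAPPDATA", "")
    for sub in (r"Google\Chrome\User Data", r"Microsoft\Edge\User Data"):
        base = Path(local) / sub
        if local and base.is_dir():
            for path, name, version in find_reported_extensions(base):
                print(f"REVIEW: {name} {version} -> {path}")
```

Manifests that use a localized `__MSG_...__` placeholder as their name will not match. An extension loaded from a folder outside the browser profile can be checked by passing that folder as `root`.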
