Note: the author name listed for this extension has been confirmed to be fake; the group's goal is still being clarified.
Notably, this extension imitates the IDM extension (Internet Download Manager is very popular in Vietnam and works on the two most widely used browsers there, Google Chrome and Coc Coc). Although this form of fraud is not new, the sophistication and professionalism of the operation, and the fact that the victims were Vietnamese, led the experts to keep tracing even the smallest clues. The results genuinely surprised the expert group, even though they had already seen many incidents in the cyber-security world.
Hackers have captured a large number of online accounts, including Vietcombank accounts
According to preliminary statistics, this hacker group has stolen login credentials (username/password) for about 55,000 Facebook accounts, 6,000 Google accounts and 5,000 Yahoo accounts, and, most alarmingly, over 5 million cookies for widely used sites such as Facebook, Gmail, Yahoo Mail, Hotmail and even PayPal. Once the hacker group holds your cookies, even if you have carefully enabled two-factor authentication, they can still completely take over your account.
Many banking customers are also victims of the hackers
Experts also note that this type of malware has existed for a long time but has not been caught and blocked by antivirus software because of the trickery in its mode of infection. Users can "accidentally" get infected via two main routes:
When users download pirated software from any website (uploaded by the hackers), the crack file carries an executable that performs tasks in the following order: close the browser (Chrome / Coc Coc) if it is running, connect to the extension page, and finally download the extension and install it on the victim's computer.
The log shows the executable automatically downloading and installing the extension.
Previously, by evading the store's rules, the hackers posted 11 different versions of this fake extension on the Chrome Web Store. The hackers spread many click-bait links; after clicking, the victim is invited to install a "plugin" (to view the content, to browse faster, etc.). Because the extension is listed on the Chrome Web Store like a legitimate one, most users accept the installation.
This extension requests many permissions that are unnecessary and can be abused for malicious purposes.
Here the hacker uses yet another name in the author field.
How the hackers managed to upload 11 different versions of this malicious extension and get past many security checks will be covered in the next article, as space here is limited. Returning to the incident: once installed, this extension steals the victim's login information on every website they visit and collects all of the user's cookies, sending them to the hacker's server.
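A defender-side check that follows from the description above: list installed extensions whose manifest combines the permissions needed to read every site's cookies and traffic, and whether they were sideloaded rather than installed from the Web Store. This is an added example, not code from the article or the investigators; it assumes the `extensions.settings.<id>.manifest` layout of Chrome's `Preferences` / `Secure Preferences` JSON, and the sample data (extension IDs, names, author) is constructed.

```python
import json
from pathlib import Path

# Permissions that, combined, let an extension read every site's cookies and
# requests, which is how the fake IDM extension stole credentials and sessions.
RISKY_PERMISSIONS = {
    "cookies", "webRequest", "webRequestBlocking", "webNavigation",
    "<all_urls>", "http://*/*", "https://*/*", "*://*/*",
}

def extension_findings(prefs: dict) -> list:
    """Flag extensions holding two or more risky permissions.

    Assumes the extensions -> settings -> <id> layout of Chrome's preference
    files (an assumption); each entry carries a copy of the manifest.
    """
    findings = []
    settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest", {})
        perms = set(manifest.get("permissions", []))
        perms |= set(manifest.get("host_permissions", []))  # manifest v3 hosts
        risky = sorted(perms & RISKY_PERMISSIONS)
        if len(risky) >= 2:
            findings.append({
                "id": ext_id,
                "name": manifest.get("name", "?"),
                "author": manifest.get("author", ""),
                "risky": risky,
                # A sideloaded copy matches the crack-file installation route.
                "from_webstore": bool(entry.get("from_webstore", False)),
            })
    return findings

def audit_profile(profile_dir: str) -> list:
    """Read both preference files of a Chrome / Coc Coc profile directory."""
    results = []
    for name in ("Preferences", "Secure Preferences"):
        path = Path(profile_dir) / name
        if path.is_file():
            results += extension_findings(json.loads(path.read_text(encoding="utf-8")))
    return results

# Constructed sample: one fake "IDM" sideloaded with broad rights, one benign one.
SAMPLE_PREFS = {"extensions": {"settings": {
    "aaaabbbbccccddddeeeeffffgggghhhh": {"from_webstore": False, "manifest": {
        "name": "Internet Download Manager", "author": "Placeholder Name",
        "permissions": ["cookies", "webRequest", "<all_urls>", "storage"]}},
    "iiiijjjjkkkkllllmmmmnnnnoooopppp": {"from_webstore": True, "manifest": {
        "name": "Benign Notes", "permissions": ["storage"]}},
}}}

if __name__ == "__main__":
    for f in extension_findings(SAMPLE_PREFS):
        print(f"{f['id']} {f['name']!r} webstore={f['from_webstore']} risky={f['risky']}")
```

Run `audit_profile()` against a real profile directory (for example `~/.config/google-chrome/Default` on Linux) with the browser closed; an "Internet Download Manager" entry that is not from the Web Store and holds `cookies` plus `<all_urls>` is exactly the pattern described here.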
So when you read this article, readers should immediately take the following steps, especially if you recognize the same behaviour as described in the two infection routes above:
Along with checking your own computer, readers should actively share this information with those around them, especially people with little technical knowledge. Don't let the bad guys take over people's information, or use it for even more dangerous purposes.
We will provide details of how the security experts tracked down the culprit group in the next articles. Stay tuned.
Source: GenK