Yesterday morning, our solutions started giving many Google Chrome users repeated threat warnings. Trojan.Multi.Preqw.gen, which Chrome tried to download from a third-party site, was specified as the source of the threat. We explain what it's all about and how to solve the problem.

Malicious extensions

Our experts, in collaboration with their colleagues at Yandex, discovered that some culprits had abused more than twenty browser extensions to make Chrome work for them on users' computers. The extensions that were made to perform malicious activity included a few fairly popular ones: Frigate Light, Frigate CDN and SaveFrom. These extensions, installed in more than 8 million users' browsers, accessed a remote server in the background, trying to download malicious code, a process that our security solutions detect as dangerous.

What were the attackers up to, and how did that threaten users?

The attackers were interested in generating traffic to videos. In other words, the extensions were secretly playing certain videos in the users' browsers, inflating view counts on streaming sites. The invisible video player was only activated when the user was actually browsing, so that the inevitable slowing down of the computer could be attributed to Chrome's usual lag when under load. According to our colleagues at Yandex, the users of some of the extensions could occasionally hear the sound from the videos that were being played in the background.

Besides that, the malicious plug-ins intercepted access to a social network, probably for inflating like counts later. Regardless of the actual goals, a compromised social media account is something one would rather avoid.

What can be done?

If your security solution starts detecting threats in Google Chrome or any other Chromium-based browser, the first thing you need to do is disable the malicious plug-ins, as those are what the security application reacts to. If you are not sure which of the plug-ins is dangerous, try disabling them one at a time until you find the right one(s). Yandex, for their part, has automatically disabled a number of extensions in its Yandex.Browser (which is also based on Chromium), and continues to look for other plug-ins that pose a threat.
If you are not using Kaspersky products yet, but you suspect that there is a dangerous application on your computer, it might make sense to install one of our solutions for home users. Then again, it makes sense to do that in any case.
Internet domain company GoDaddy used a holiday bonus notification to test employees on email phishing scams, after workers had already been told they would not receive a bonus this year.
Microsoft identified a reseller’s Microsoft Azure account used for managing CrowdStrike’s Microsoft Office licenses making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago.
Hackers affiliated with the Russian government have reportedly accessed emails from at least one company in the private sector and accessed Microsoft cloud customers' information through a third party.
The local privilege-escalation bug in Windows 8.1 and Windows 10 (CVE-2020-0986) exists in the Print Spooler API. It could allow a local attacker to elevate privileges and execute code in the context of the current user.
The discovery of the breach comes after a string of cyberattacks targeted companies in Israel. Earlier this month, sensitive data of Israeli citizens was leaked and sold after the Shirbit insurance company was targeted in a ransomware attack.
Sangoma disclosed a data breach after files were stolen during a recent Conti ransomware attack and published online. The Conti ransomware gang published over 26 GB of data on their ransomware data leak site.
Researchers say attackers are using different attack vectors to target media agencies in Western Europe, Southeast Asia, and North America. Recently, the Al-Jazeera group fell victim to such an attack.
Emotet botnet has returned after a two-month hiatus with Christmas and COVID-19-themed campaigns that touch base with at least 100,000 targets per day.
The NSA has released a security advisory detailing two attack techniques allegedly used by the SolarWinds hackers to escalate access from local networks to cloud resources.
A web skimming group inadvertently leaked a list of dozens of online stores it hacked while attempting to deploy a stealthy RAT on compromised e-commerce sites.
Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller (ADC) devices that attackers are abusing to launch amplified distributed denial-of-service (DDoS) attacks against several targets. "An attacker or bots can overwhelm the Citrix ADC [Datagram Transport Layer Security] network throughput, potentially leading to
New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company's email. The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on December 15, which identified a third-party reseller's Microsoft Azure account to be making "abnormal