Malicious Chrome Extensions Found in Chrome Web Store, Form Droidclub Botnet
(Feb 1, 2018)
A new botnet, dubbed "Droidclub," is infecting browsers through malicious extensions distributed via the Google Chrome Web Store, according to Trend Micro researchers. At the time of this writing, the malicious extensions associated with Droidclub had been downloaded approximately 500,000 times. Because an extension's code runs inside the browser on the pages a user visits, the extensions are able to inject advertisements and cryptocurrency mining code into websites that an infected machine loads. The threat actors behind this campaign use malvertisements to drive downloads of the malicious extensions.
Recommendation: While web browser extensions can be useful in day-to-day business activities, it is possible, as this story describes, for malicious extensions to make their way into legitimate distribution channels (Google has since removed the malicious extensions). Your company should only use browser extensions and add-ons provided by trusted providers, and should review what an extension is permitted to do before approving it: an extension that can run scripts on every site a user visits has the same capability Droidclub abused. Chrome's enterprise policies (ExtensionInstallAllowlist and ExtensionInstallBlocklist, named ExtensionInstallWhitelist and ExtensionInstallBlacklist in older Chrome versions) let administrators enforce such a list rather than rely on users to apply it.
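The following script is an added example, not code from Trend Micro, Anomali, or the Droidclub extensions themselves. It shows one way to turn the recommendation above into a check: walk a Chrome profile's Extensions directory, parse each extension's manifest.json, flag any extension whose content scripts or host permissions cover every URL (the capability needed to inject ads or mining code into arbitrary pages), and note whether the extension ID is on a local allowlist. The profile path and the two sample manifests are constructed for the example; the extension IDs are placeholders, not real Droidclub indicators.

```python
"""Audit installed Chrome extensions for the ability to inject code into any page.

Added example (not the page's or the vendor's code). On Linux the Extensions
directory is usually ~/.config/google-chrome/Default/Extensions (assumption;
adjust for your OS and profile). Run with no arguments to audit a constructed
sample profile, or pass the real Extensions directory as the first argument.
"""
import json
import sys
import tempfile
from pathlib import Path

# Match patterns that let extension code run in (or rewrite) every page the user visits.
BROAD_MATCHES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Permissions that let an extension observe or modify traffic and pages beyond its UI.
NOTABLE_PERMISSIONS = ("webRequest", "webRequestBlocking", "declarativeNetRequest", "scripting", "tabs")


def broad_patterns(patterns):
    """Return the subset of match patterns that cover all URLs."""
    return [p for p in patterns if p in BROAD_MATCHES]


def assess_manifest(manifest: dict) -> dict:
    """Summarise the injection capability declared by one parsed manifest.json."""
    findings = []
    for cs in manifest.get("content_scripts", []):
        hits = broad_patterns(cs.get("matches", []))
        if hits:
            findings.append(f"content_scripts run on {', '.join(hits)}")
    # Manifest V2 lists host patterns under "permissions"; V3 moves them to "host_permissions".
    host_perms = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
    hits = broad_patterns(host_perms)
    if hits:
        findings.append(f"host permission {', '.join(hits)}")
    for perm in NOTABLE_PERMISSIONS:
        if perm in manifest.get("permissions", []):
            findings.append(f"permission {perm}")
    return {
        "name": manifest.get("name", "?"),
        "version": manifest.get("version", "?"),
        "can_inject": any(f.startswith(("content_scripts", "host permission")) for f in findings),
        "findings": findings,
    }


def audit_extensions(ext_root: Path, allowlist: set) -> list:
    """Walk <Extensions>/<id>/<version>/manifest.json and assess each installed version."""
    results = []
    for id_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
        for manifest_path in sorted(id_dir.glob("*/manifest.json")):
            try:
                manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
            except (OSError, ValueError) as exc:
                results.append({"id": id_dir.name, "error": str(exc)})
                continue
            result = assess_manifest(manifest)
            result["id"] = id_dir.name
            result["allowlisted"] = id_dir.name in allowlist
            results.append(result)
    return results


# Constructed sample manifests (placeholder IDs, not real indicators).
SAMPLE_MANIFESTS = {
    # An ad/miner-style extension: content script on every site plus traffic interception.
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
        "manifest_version": 2, "name": "Free Video Downloader", "version": "1.0",
        "permissions": ["<all_urls>", "webRequest", "webRequestBlocking"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"], "run_at": "document_start"}],
    },
    # A benign, scoped extension limited to one corporate origin.
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
        "manifest_version": 3, "name": "Corp Ticket Helper", "version": "2.3",
        "host_permissions": ["https://tickets.example.com/*"],
        "content_scripts": [{"matches": ["https://tickets.example.com/*"], "js": ["helper.js"]}],
    },
}
SAMPLE_ALLOWLIST = {"bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"}


def build_sample_profile(root: Path) -> Path:
    """Write the constructed manifests in Chrome's Extensions/<id>/<version>/ layout."""
    ext_root = root / "Extensions"
    for ext_id, manifest in SAMPLE_MANIFESTS.items():
        version_dir = ext_root / ext_id / f"{manifest['version']}_0"
        version_dir.mkdir(parents=True, exist_ok=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return ext_root


def run_demo() -> list:
    """Audit the constructed sample profile and return the findings."""
    return audit_extensions(build_sample_profile(Path(tempfile.mkdtemp())), SAMPLE_ALLOWLIST)


if __name__ == "__main__":
    results = audit_extensions(Path(sys.argv[1]), SAMPLE_ALLOWLIST) if len(sys.argv) > 1 else run_demo()
    for r in results:
        if "error" in r:
            print(f"{r['id']}: could not parse manifest ({r['error']})")
            continue
        status = "ALLOWLISTED" if r["allowlisted"] else ("REVIEW" if r["can_inject"] else "ok")
        print(f"{status:11} {r['id']} {r['name']} {r['version']}: {'; '.join(r['findings']) or 'scoped'}")
```

The check is deliberately conservative: broad host access is flagged as "REVIEW", not "malicious", because many legitimate extensions (password managers, ad blockers) legitimately declare it. The point is that such access should be an explicit approval decision, which the allowlist records.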
Indicators of Compromise (IOCs) associated with this story are available to ThreatStream users to identify potential malicious activity.