Hackers are always looking for the slightest opportunity to trick users, infect them with malware, and take control of their computers. To do this they often resort to deception techniques, or phishing, to get the user to install, for example, a malicious program or extension on the PC in the belief that it is real and trustworthy, which then lets them compromise the user's security. This is exactly what has just happened to Google Chrome users, who have been victims of a network of zombie computers known as Cloud9.
Cloud9 is a computer network, or botnet, controlled by a group of hackers, which allows them to remotely access any computer, all its data, and use it for any purpose. To do this, instead of installing a Trojan on the victims’ computers, this time they have used a malicious extension for Google Chrome (and any Chromium-based browser) that has been distributed through the Chrome Store. The extension in question appeared as a Flash plugin that allowed the browser to load this type of content.
Once the plugin was installed in Chrome, Edge, or whatever browser it was, the browser became part of the botnet, waiting to receive orders from the hackers. The hackers could also steal online accounts, record all keystrokes, and inject ads and malicious JavaScript code without raising suspicion among users. In addition, they use infected computers to carry out denial-of-service (DDoS) attacks.
Check if I am infected by Cloud9
This extension was available for quite some time in Google’s own Chrome Store, so many users fell for it while looking for a way to load Flash content within the browser. After the security firm Zimperium reported the problem, the extension was removed from the Google store, although it is still circulating through direct downloads and other extension sources.
To see if we are infected by this malware, what we must do is open the extensions panel of our browser and look for any entry that is related to Adobe Flash.
If we find this extension in the list, we must delete it as soon as possible using the “Remove” button. In this way, we can make it disappear from the browser, although it is possible that traces of it remain on the PC. To erase it completely, we recommend completely removing the Chrome profile and recreating it.
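The manual check described above can also be scripted. The following is an added example, not code from the original article or from Zimperium: it walks a Chromium user-data directory, reads the manifest of every installed extension and lists those whose name or description mentions Flash. The keyword, the function names and the sample tree are assumptions made for this example; pass the browser's user-data directory as the first argument to scan a real profile.

```python
import json
import sys
import tempfile
from pathlib import Path

KEYWORDS = ("flash",)  # assumption: the article only says "related to Adobe Flash"

def _text(ext_dir, manifest, field):
    """Return a manifest field, resolving __MSG_key__ via the default locale."""
    value = str(manifest.get(field) or "")
    if not (value.startswith("__MSG_") and value.endswith("__")):
        return value
    path = ext_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return value
    wanted = value[6:-2].lower()  # message names are matched case-insensitively
    return next((m.get("message", value) for k, m in messages.items()
                 if k.lower() == wanted), value)

def find_flash_extensions(user_data_dir):
    """List (profile, extension_id, version, name) for extensions mentioning Flash."""
    hits = []
    # Layout: <user data dir>/<profile>/Extensions/<id>/<version>/manifest.json
    for mpath in sorted(Path(user_data_dir).glob("*/Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(mpath.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifest: inspect that folder by hand
        if not isinstance(manifest, dict):
            continue
        ext_dir = mpath.parent
        name, desc = _text(ext_dir, manifest, "name"), _text(ext_dir, manifest, "description")
        if any(k in f"{name} {desc}".lower() for k in KEYWORDS):
            hits.append((ext_dir.parents[2].name, ext_dir.parent.name, ext_dir.name, name))
    return hits

def build_constructed_sample(root):
    """Constructed sample tree: one Flash-named extension, one unrelated one."""
    for ext_id, name in (("a" * 32, "__MSG_appName__"), ("b" * 32, "Dark Theme")):
        ext = Path(root) / "Default" / "Extensions" / ext_id / "1.0_0"
        (ext / "_locales" / "en").mkdir(parents=True)
        (ext / "manifest.json").write_text(json.dumps({"name": name, "default_locale": "en"}))
        (ext / "_locales" / "en" / "messages.json").write_text(
            json.dumps({"appName": {"message": "Flash Player"}}))

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) <= 1:
        build_constructed_sample(target)  # no path given: scan the constructed sample
    for hit in find_flash_extensions(target):
        print(*hit, sep="\t")
```

A match only marks an entry to review in the extensions panel; it does not by itself identify Cloud9.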
In addition, we must also take measures with our accounts, such as changing passwords, to prevent hackers from using this data to put us at risk.
Finally, we recommend that you always activate the enhanced protection of Google Chrome, since this feature periodically analyzes the installed extensions and, if it finds any potential threat, it notifies us so that we can remedy it before it is too late.
In addition, of course, it is necessary to have Google Chrome always up to date to prevent hackers from taking advantage of security flaws in the browser to take control of it and, therefore, control of our data.