A recent report has shed light on the tactics used by cybercriminals to evade detection and install malicious extensions on users’ devices. The report explains that these malicious extensions initially appear as legitimate tools, making it difficult for users to detect any foul play.
According to the report, once the user downloads the so-called utility, the extension attempts to install the legitimate extension alongside the malicious payload. This deceptive tactic ensures that the user still receives the expected tool, masking the true intentions of the malicious software.
The malicious extension utilizes a PowerShell script to run the payload with administrator permissions. In cases where the script lacks the necessary permissions, it takes additional steps to carry out its malicious activities. The script attempts to create a new System32 directory and copy a file called ComputerDefaults.exe to this location. Subsequently, the script generates its own malicious DLL named MLANG.dll and endeavors to execute it using the ComputerDefaults executable.
Furthermore, the PowerShell script cleverly conceals the malicious DLLs and Trojan executable by encoding them as basic base64 strings. This encoding technique helps the script bypass detection mechanisms, allowing it to decode the Trojan and write it to the directory it established earlier. The Trojan is saved as Launcher.exe, with the directory being intentionally excluded from monitoring by Windows Defender.
The elaborate scheme devised by cybercriminals underscores the lengths to which they will go to infiltrate users’ devices and carry out nefarious activities. By camouflaging the malicious extension as a legitimate utility and utilizing complex scripts to evade detection, these threat actors pose a significant risk to unsuspecting users.
In light of this report, users are advised to exercise caution when downloading and installing extensions or software from unknown sources. It is crucial to stay vigilant and ensure that all downloads come from reputable sources to minimize the risk of falling victim to such malicious schemes.
Ultimately, cybersecurity awareness and proactive measures are essential in safeguarding against the ever-evolving tactics employed by cybercriminals. By staying informed and implementing best practices for online security, users can mitigate the threat posed by malicious extensions and maintain the integrity of their devices and personal information.