
Microsoft said it is tracking an ongoing large-scale click fraud campaign targeting gamers by means of stealthily deployed browser extensions on compromised systems. The tech giant’s cybersecurity division is tracking the developing threat cluster under the name DEV-0796.
The attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices.
Attack chains mounted by the adversary commence with an ISO file that is downloaded onto a victim’s machine when the victim clicks on a malicious ad or comments on YouTube. The ISO file, when opened, is designed to install a browser node-webkit (aka NW.js) or rogue browser extension.
The ISO file masquerades as hacks and cheats for the Krunker first-person shooter game. Cheats are programs that help gamers gain an added advantage beyond the available capabilities during gameplay.
DMG files, which are Apple Disk Image files primarily used to distribute software on macOS, are also used in the attacks in place of ISO images, indicating that the threat actors are targeting multiple operating systems.