Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Thousands of Google Chrome browsers are at risk from this damaging attack

Google Chrome dark mode.

Cybersecurity researchers have spotted a new malicious campaign that hijacks web browsers to steal sensitive data.

A report from ReasonLabs outlined how the campaign has so far hit around 300,000 Google Chrome and Microsoft Edge users by creating websites offering fake software for free, including the likes of Roblox FPS Unlocker, YouTube, VLC media player, Steam, or KeePass. 

Victims who navigate to these websites and download the fake software instead get a trojan malware that’s been around since 2021. The malware installs add-ons and extensions that hijack search engines, and more.

Feature Flighting

"The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches to more sophisticated malicious scripts that deliver local extensions to steal private data and execute various commands," the researchers explained. "This trojan malware, existing since 2021, originates from imitations of download websites with add-ons to online games and videos."

In some cases, the extensions change the browser’s default search engine to a different one, likely where the threat actors can benefit from ad serving, or through which they can deploy more damaging malware. The researchers also added that removing the add-ons is a bit challenging.

"The extension cannot be disabled by the user, even with Developer Mode 'ON,'" ReasonLabs said. "Newer versions of the script remove browser updates."

To remove the malware, users should delete the scheduled tasks that reactivate the malware, remove Registry entries, and delete these files and folders, The Hacker News reports:

C:\Windows\system32\Privacyblockerwindows.ps1
C:\Windows\system32\Windowsupdater1.ps1
C:\Windows\system32\WindowsUpdater1Script.ps1
C:\Windows\system32\Optimizerwindows.ps1
C:\Windows\system32\Printworkflowservice.ps1
C:\Windows\system32\NvWinSearchOptimizer.ps1 - 2024 version
C:\Windows\system32\kondserp_optimizer.ps1 - May 2024 version
C:\Windows\InternalKernelGrid
C:\Windows\InternalKernelGrid3
C:\Windows\InternalKernelGrid4
C:\Windows\ShellServiceLog
C:\windows\privacyprotectorlog
C:\Windows\NvOptimizerLog

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.