Follow the traces of crime
Recently, in the process of enhancing the security of the company’s system, a group of security experts from the Information Security Department under VCCorp accidentally discovered and traced an information appropriation ring.
Specifically, on June 21, upon detecting unusual signs in an administrator account on a familiar website, the group of security experts immediately went to work to find out the cause.
The amount of information stolen is unprecedented
Notably, this is an extension that imitates the IDM – Internet Download Manager extension, which is very popular in Vietnam, and can be used on the two leading browsers Google Chrome and Coc Coc.
According to preliminary statistics, this hacker group has stolen the login information (username/password) of about 55,000 Facebook accounts, 6,000 Google accounts and 5,000 Yahoo accounts and, most alarming of all, more than 5 million cookies from popular websites.
The group of experts also noted that this type of malware has existed for a long time but has not been "caught" and prevented by antivirus software because of its cunning infection methods.
1. Infection through the distribution of pirated software (crack):
When users download pirated software from any website (uploaded by hackers), the crack files will include a file that executes the task in the following order: turn off the browser (Chrome/Coc Coc) if running
2. Using links that arouse curiosity:
Previously, by circumventing the law, hackers were able to post up to 11 different versions of this fake extension on the Chrome Web Store.
How did hackers post up to 11 different versions of this malicious extension and bypass many security tools? Because of the limited scope of this article, we will provide that detailed information for you separately.
Therefore, when reading this article, readers should immediately take the following steps, especially when they find themselves engaging in behaviors similar to those mentioned in the two ways of infection above:
– Check the extensions in your computer's browser; you can use tools similar to those in this article.
– If any extension shows suspicious signs, such as requesting unnecessary permissions, delete it immediately.
– Change all passwords on all your electronic accounts.
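The first two steps above can be scripted. The following is an added example, not a tool from the original article or from the experts it describes: it reads each installed extension's manifest.json and lists the ones that request cookie access, traffic interception or access to every site. It assumes the Chromium profile layout Extensions/<extension id>/<version>/manifest.json (assumed here to apply to Coc Coc as well); the permission list and the sample extensions are chosen or constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Illustrative choice: API permissions exposing cookies/traffic/history, and hosts covering every site.
RISKY_API = {"cookies", "webRequest", "webRequestBlocking", "tabs", "history", "debugger", "proxy"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest: dict) -> list:
    """Return the sorted risky permissions one manifest requests."""
    requested = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts get page access through "matches", not "permissions".
    for script in manifest.get("content_scripts", []):
        requested.update(script.get("matches", []))
    return sorted(requested & (RISKY_API | BROAD_HOSTS))

def audit_extensions(ext_root: Path) -> dict:
    """Scan <ext_root>/<extension id>/<version>/manifest.json; map id -> findings."""
    report = {}
    for path in sorted(ext_root.glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            risky = audit_manifest(manifest)
        except (OSError, ValueError, AttributeError, TypeError):
            manifest, risky = {}, ["unreadable manifest"]  # treat as suspicious
        if risky:
            report[ext_id] = {"name": manifest.get("name", "?"), "risky": risky}
    return report

def build_sample_profile(root: Path) -> Path:
    """Constructed sample data: two made-up extensions, not real ones."""
    samples = {
        "sampleextensionone": {"name": "Download Helper (sample)",
                               "permissions": ["cookies", "webRequest", "<all_urls>", "storage"]},
        "sampleextensiontwo": {"name": "Color Picker (sample)", "permissions": ["activeTab", "storage"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = root / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, info in audit_extensions(build_sample_profile(Path(tmp))).items():
            print(ext_id, info["name"], info["risky"])
```

To check a real profile, pass the browser profile's Extensions directory to audit_extensions instead of the sample; a flagged extension is a candidate for review, not proof that it is malicious.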
At the same time as checking your computer, readers should actively share this information with those around them, especially those with little understanding of technology.
We will provide detailed information on how security experts found the culprit group in the next articles.
According to Tri Thuc Tre