Microsoft said it’s tracking an ongoing large-scale click fraud
campaign targeting gamers by means of stealthily deployed browser
extensions on compromised systems.
“[The] attackers monetize clicks generated by a browser
node-webkit or malicious browser extension secretly installed on
devices,” Microsoft Security Intelligence said[1]
in a sequence of tweets over the weekend.
The tech giant’s cybersecurity division is tracking the
developing threat cluster under the name DEV-0796.
Attach chains mounted by the adversary commence with an ISO file
that’s downloaded onto a victim’s machine upon clicking on a
malicious ad or comments on YouTube. The ISO file, when opened, is
designed to install a browser node-webkit (aka NW.js[2]) or rogue browser
extension.
It’s worth noting that the ISO file[3]
masquerades as hacks and cheats for the Krunker first-person
shooter game. Cheats are programs that help gamers gain an added
advantage beyond the available capabilities during gameplay.
Also used in the attacks are DMG files, which are Apple Disk
Image files primarily used to distribute software on macOS,
indicating that the threat actors are targeting multiple operating
systems.
The findings arrive as Kaspersky disclosed details of another
campaign that lures gamers looking for cheats on YouTube into
downloading self-propagating malware[4] capable of installing
crypto miners and other information stealers.
“Malware and unwanted software distributed as cheat programs
stand out as a particular threat to gamers’ security, especially
for those who are keen on popular game series,” the Russian
cybersecurity firm said[5]
in a recent report.
References
Read more https://thehackernews.com/2022/09/microsoft-warns-of-large-scale-click.html