Malware, Threat Intelligence
Widespread sleeper agent browser extension compromise uncovered

GBHackers News reports that about 1.5 million devices around the world have been compromised with malicious "sleeper agent" browser extensions, which impersonate in-browser sound management tools.
Such extensions, including "Volume Max Ultimate Sound Booster", "Sound Booster", "Volume Master: Master Your Sound", and "Volume Booster: Ultimate Sound Enhancer", share an identical codebase and infrastructure that enable remote command execution, communication with malicious domains, and background tab opening, with concealment via encryption and base64 code obfuscation, findings from LayerX showed. Further analysis of the extensions, all of which remain on the Chrome Web Store, revealed their resemblance to the now-removed ReadBee extension, which also had the ExtStatTracker class within its infrastructure that allowed clandestine user activity monitoring and RCE. With "sleeper" extensions presenting an alternative to botnets based on breached Internet of Things devices, organizations and users have been urged not only to be vigilant about browser extensions but also to regularly audit those already installed on their systems.