A new Chrome browser botnet named ‘Cloud9’ has been discovered in the wild using malicious extensions to steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the victim’s browser in DDoS attacks. The Cloud9 browser botnet is a Remote Access Trojan (RAT) for the Chromium web browser, including Google Chrome and Microsoft Edge, allowing the threat actor to execute commands remotely. The malicious Chrome extension isn’t available on the official Chrome web store but is instead circulated through alternative channels, such as websites pushing fake Adobe Flash Player updates. This method appears to be working well, as researchers at Zimperium reported that they have seen Cloud9 infections on systems across the globe.
It is recommended that users update to the latest version of Google Chrome to ensure systems have the most up-to-date security protections. Users can also stay better protected from malicious executables and websites by enabling Enhanced Protection in Chrome’s privacy and security settings. Enhanced Protection automatically produces a warning about potentially risky websites and downloads.