Researchers have tracked a hacking campaign spreading malware through breached websites and Chrome extensions.
The campaign has been active since November 2022.
- The infection chain starts by injecting malicious JavaScript code that activates scripts when a user visits the website.
- If a targeted visitor browses the site, the scripts will display a fake Google Chrome error screen that convinces users to launch a bogus update to improve their user experience.
- When activated, the script automatically downloads a ZIP file disguised as a Chrome update.
- This ZIP file contains a Monero miner that will use the infected device's CPU to mine the Monero cryptocurrency for the threat actors.