Google Chrome warns users to update app as ‘malicious extension’ is draining bank accounts

Google Chrome users are being warned to update their app as a malicious extension is circulating that can drain money from bank accounts.

The extension, called Cloud9, allows hackers to gain access to personal accounts and steal information available during the browser session.

Security firm Zimperium says Cloud9 can also install malware on a user’s device, meaning hackers can take control of a device remotely and steal users’ passwords as well as credit card data.

The extension is not available on the official Chrome web store but is spread through channels such as websites promoting fake Adobe Flash Player updates.

The dangerous extension comes from the Keksec malware group, which was originally formed in 2016.

The number of victims that have been affected by the malware is unknown at the moment but the group is "targeting all browsers and operating systems", according to Zimperium.

Zimperium researcher Nipun Gupta said in a report: "We found some screenshots from a hacker forum where the threat actor showcases the victims they have under attack. The Cloud9 botnet is being sold either for free or for a few hundred dollars on various different hacker forums.

"As it is quite trivial to use and available for free, it can be used by many malware groups or individuals for specific purposes."

Microsoft Edge users could be affected

The threat is not only a problem for Chrome, but also for Microsoft Edge users, which uses the same technology behind the scenes.

Bleeping Computer, a website covering technology news and offering free computer help, said on its website that “even without the Windows malware component, the Cloud9 extension can steal cookies from the compromised browser, which the threat actors can use to hijack valid user sessions and take over accounts.”

The website added: “The malware features a keylogger that can snoop for key presses to steal passwords and other sensitive information. A ‘clipper’ module is also present in the extension, constantly monitoring the system clipboard for copied passwords or credit cards.

“Cloud9 can also inject ads by silently loading webpages to generate ad impressions and, thus, revenue for its operators.”

What has Google recommended?

Google told Bleeping Computer: "We always recommend users update to the latest version of Google Chrome to ensure they have the most up-to-date security protections. Users can also stay better protected from malicious executables and websites by enabling Enhanced Protection in the privacy and security settings in Chrome.

"Enhanced Protection automatically warns you about potentially risky sites and downloads and inspects the safety of your downloads and warns you when a file may be dangerous."