Security researchers have uncovered a malicious browser extension campaign, dubbed CrashFix, that intentionally crashes victims’ browsers and then uses the resulting confusion to trick users into running attacker-supplied commands.
The activity, attributed to a threat cluster Huntress calls KongTuke, involves a fake Chrome extension posing as an ad-blocking tool but ultimately delivering a novel malware payload.
The extension, which Huntress identified as NexShield-Superior Net Safety, was distributed using look-alike branding and misleading metadata designed to resemble a legitimate browser security tool, the uBlock Origin Lite ad blocker. After installation, it stays inactive for a period of time, likely to evade immediate suspicion, before deliberately destabilizing the browser by exhausting system resources and triggering repeated crashes.
Once the browser becomes unusable, victims are presented with a fake “restore” prompt instructing them to paste and execute a command to resolve the issue.



