Microsoft has tracked a large-scale click fraud campaign targeting gamers. The software giant said the bad actors stealthily deploy browser extensions on compromised systems.
Microsoft Security Intelligence in a series of tweets said, “[The] attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices.”
Microsoft Security Intelligence tracks the threat cluster as DEV-0796.
Microsoft researchers are tracking an ongoing wide-ranging click fraud campaign where attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices. Microsoft attributes the attack to a threat actor tracked as DEV-0796. pic.twitter.com/v6sexKgDSg
— Microsoft Security Intelligence (@MsftSecIntel) September 16, 2022
The attacker installs a browser node-webkit (aka NW.js) or a rogue browser extension on the victim's machine when the victim clicks on a malicious ad or YouTube comment.
The bad actors use ISO files and Krunker first-person shooter game cheats to lure the victims. Cheats are programs that give you advantages in real-time action games.
The attackers use DMG files, Apple Disk Image files that are primarily used to distribute software on macOS.
Kaspersky has exposed the details of a recent campaign that tricks gamers looking for cheats into downloading self-propagating malware. Potentially, this malware could include features for installing crypto miners and other malware.
The major risks for gamers are malware and unwanted software distributed as cheat programs.