Malware framework generates 1B fake ad impressions in 3 months


Researchers have sniffed out a malware framework that targets major browsers installed on Windows machines and has generated more than 1 billion false Google AdSense impressions in the past three months alone.


“The framework is designed to pad statistics on social sites and ad impressions, creating revenue for its operators who are using a botnet to attack the content and advertising platforms by spreading the malware and targeting browsers including Google Chrome, Mozilla Firefox, and Yandex’s browser,” explain Flashpoint researchers Jason Reaves and Joshua Platt in a company blog post published today.


The malware is most commonly found in Russia, Ukraine and Kazakhstan.


Upon infecting a browser, the malware executes in three stages. First, the installer establishes persistence by setting itself up as a task related to Windows update, and then it either directly creates a new browser extension or it downloads a module for this same purpose.
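A defender can triage for the persistence step described above by reviewing exported scheduled tasks for entries that borrow the Windows Update name but do not belong to the operating system. The following is an added example, not code from the article or from Flashpoint. It assumes input in the column layout of `schtasks /query /fo csv /v` on an English-locale system with Windows installed on `C:`. The name pattern, the sample rows and the function name `suspicious_tasks` are constructed for illustration, since the article does not give the actual task name.

```python
import csv
import io
import re

# Constructed sample in the column layout of `schtasks /query /fo csv /v`
# (English locale). Host, task names and paths are made up for illustration.
SAMPLE_CSV = r'''"HostName","TaskName","Task To Run","Author"
"WS01","\Microsoft\Windows\WindowsUpdate\Scheduled Start","C:\Windows\system32\sc.exe start wuauserv","Microsoft Corporation"
"WS01","\GoogleUpdateTaskMachineCore","C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c","N/A"
"HostName","TaskName","Task To Run","Author"
"WS01","\Windows Update Helper","C:\Users\alice\AppData\Roaming\wupd\updater.exe","alice"
"WS01","\WindowsUpdateCheck","C:\ProgramData\svc\wu.exe /silent","N/A"
'''

# Assumption: a task "related to Windows update" carries one of these strings.
NAME_RE = re.compile(r"windows\s*update|wuau", re.IGNORECASE)
TRUSTED_PREFIXES = ("c:\\windows\\", "%systemroot%\\", "%windir%\\")
MS_TASK_FOLDER = "\\microsoft\\windows\\"


def suspicious_tasks(csv_text):
    """Return (task name, command, reasons) for update-themed tasks that
    do not look like the operating system's own."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["TaskName"]
        if name == "TaskName":  # verbose output can repeat the header row
            continue
        if not NAME_RE.search(name):
            continue
        command = row["Task To Run"].strip().strip('"')
        reasons = []
        if not name.lower().startswith(MS_TASK_FOLDER):
            reasons.append("outside \\Microsoft\\Windows\\ task folder")
        if not command.lower().startswith(TRUSTED_PREFIXES):
            reasons.append("action binary outside the Windows directory")
        if reasons:
            hits.append((name, command, reasons))
    return hits


if __name__ == "__main__":
    for name, command, reasons in suspicious_tasks(SAMPLE_CSV):
        print(f"{name} -> {command} [{'; '.join(reasons)}]")
```

Hits are leads for review rather than verdicts: a flagged task still needs its binary checked for a valid signature and a known origin.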


Up next comes the Finder module, which steals browser logins and cookies and exfiltrates them to a command-and-control server in .zip files. It also communicates with a ..
