"Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign"

Russian users of Google Chrome, Opera, and Mozilla Firefox browsers are the target of an adware campaign involving a malicious browser extension with 350 variations disguising itself as a Google Translate add-on. The extensions are installed onto a victim's computer via a Windows-based executable, circumventing most endpoint security solutions as well as the security restrictions found in the official extension stores, according to mobile security company Zimperium, which named the malware family ABCsoup. The rogue browser add-ons use the same extension ID as Google Translate to trick users into thinking they have installed a legitimate extension. The extensions are not available through the official browser web stores. Instead, they are distributed via various Windows executables that install the add-on on the victim's web browser. If the targeted user already has the Google Translate extension installed, the malicious variant replaces the original version. ABCsoup's main function is to look for Russian social networking services like Odnoklassniki and VK among the websites currently open in the browser, and if found, collect the user's first and last name, date of birth, and gender, and transmit the data to a remote server. The malware uses this information to serve personalized ads, and the extension can also inject custom JavaScript code based on the websites visited. This article continues to discuss findings surrounding the ABCsoup adware campaign.

THN reports "Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign"
