A new zero-day malware threat is going around, and it uses social engineering on Facebook to infect users through an abused Chrome extension. The malware cryptomines on, and steals data from, the machines of those who are fooled by the Facebook links. What makes this really bad is that it bypasses Google's application validation tools. As always, the bad guys are one step ahead of the good guys, and they're experts at making gullible people click scam links.
Zero-day malware leverages sophisticated evasion techniques that often bypass existing protections that skilled groups study. Nigelify, which Radware identified in a well-protected network, has gone undetected despite several security solutions. Radware's machine-learning algorithms analyzed the communication logs of that large organization, correlating multiple indicators, and blocked the C2 access from the infected machines. Radware's Cloud Malware Protection Service provides several capabilities.
Source: [H]ardOCP – Nigelthorn Malware Abuses Chrome Extensions to Cryptomine and Steal Data