Cloud9 Malware Infecting Businesses Across the Globe

Cloud9 Malware is a Paradise of Cyber Attack Methods — Infecting Businesses Across the Globe

Key Points:

  • The Cloud9 browser extension for Chrome and Edge is a haven for cybercriminals and a potential catastrophe for business users.
  • The malicious browser extension allows hackers to remotely take over users’ browser sessions and execute a full range of attacks.
  • Attackers have built the extension to install malware, mine cryptocurrency, steal people’s cookies, or execute a full device takeover.
  • Businesses should be on high alert because it’s unclear how Cloud9 spread.
  • The botnet has wide attack capabilities, and a typical endpoint security system can’t detect it.

Web browsers have the most lucrative and interesting data about users. Malware developers understand this and are building malicious extensions to exploit the data.

Recently, Cloud9, a malicious browser extension that works on all Chromium-based browsers, has been raging on the web. The extension's author designed it to execute a myriad of malicious activities, including:

  • Cryptocurrency mining
  • Stealing cookies and other information
  • Installing other malware
  • Entire device takeover

The browser extension takes the multi-tool approach, allowing it to act as a remote access Trojan (RAT).

What Exactly is Cloud9 Botnet?

The Cloud9 botnet has been active since 2017 and consists of three JavaScript files. Research shows that the extension’s author updated it in 2020 to spread through websites as a single JavaScript file that can be added to any website using script tags.

Cyber experts link Cloud9 to the Keksec malware gang, a well-resourced group famous for creating botnets for hire. Because the Cloud9 malware is quite trivial and free, many malware groups or individual hackers can use it for specific ill-intended purposes.

The Risk that Cloud9 Malware Poses to Business Users

While Cloud9 offers a platform for malicious activities, the author didn’t design it for specific users. The malware targets all types of users and retrieves information from both business and individual users. The malware is as much a consumer threat as it is a personal threat, which increases the attack surface.

Attackers take advantage of the platform and use the botnet to infiltrate computers and escalate malicious activity. The most threatening capabilities of the Cloud9 malware include:

  • The ability to fetch malicious resources and install them on users’ machines to propagate further attacks
  • Stealing clipboard data to try to get login credentials or credit card numbers
  • Cookie theft to compromise users’ sessions
  • Ability to launch Layer 4/Layer 7 hybrid attacks, which can then be used to execute DDoS attacks on your machine
  • Key logging to steal passwords and other confidential information
  • Operating system and browser detection to deliver next-stage payloads
  • Ads injection to force pop-ups
  • Silently loading web pages for ads and malicious code injections
  • Cryptocurrency mining using the victim’s device, browser, and resources
  • JavaScript code execution from unknown sources to propagate further malicious code delivery
  • Ability to send a browser exploit to inject malicious code
  • Ability to take complete control of victim’s devices

All these capabilities make the malware a potential threat to users.

How the Cloud9 Botnet Attack Happens

Most Cloud9 attacks are multifaceted and execute several malicious activities simultaneously. The worst part is that it can escape the browser and run malware on the victim’s device.

Here’s an outline of how Cloud9 attacks usually occur:

  • Step 1: The main functionality of the Cloud9 extension is in a file called campaign.js, which attackers can also use as a standalone script to redirect victims to malicious websites.
  • Step 2: The first task of campaign.js is to identify the victim’s OS and browser type.
  • Step 3: Then, campaign.js injects a JavaScript file into the user’s browser to mine cryptocurrency using the victim’s resources. Consequently, the user will experience diminished device performance, increased energy usage, and reduced hardware lifespan.
  • Step 4: Cloud9 then injects another script with a full-chain exploit for vulnerabilities in Firefox on a 64-bit Windows machine. If successful, the exploit will fetch Windows-based malware that allows the hacker to take over the entire system.

The Cloud9 malware can affect other browsers, such as Internet Explorer, Edge, or Brave. If successful, the attacker gains the same rights as the current user to execute code on the victim’s device.

If the user is logged on with administrative rights, a hacker can:

  • Install malicious programs
  • Change security settings
  • View, change, or delete data
  • Create a new account with full user rights

The attacker can also use the malware’s capabilities to send POST requests to any domain and execute a layer 7 DDoS attack.

How The Cloud9 Malware Spreads

Cybersecurity experts believe that a group of hackers called Keksec is running the latest malware distribution campaign. The threat actor uses side-loading through fake executables and malicious websites that initiate Adobe Flash Player updates.

You can also get infected with the Cloud9 malware through malicious spam, fake email links and attachments, and Trojan-infected downloads.

How Businesses Can Protect Themselves From Cloud9 Malware

The vast capabilities of Cloud9 mean that organizations should be on high alert. After all, a typical endpoint security solution cannot detect this attack vector, leaving the browsers in your business vulnerable.

The best way you can protect your company is by:

  • Training employees about the risks associated with browser extensions
  • Checking what security controls your business has in place for such a risk
  • Ensuring all extensions installed in the browsers on your company’s PCs are official ones and deleting the unofficial ones
  • Updating your browsers to interrupt any tracks of the attacker
  • Downloading extensions only from official verified channels

You’ll never find the Cloud9 extension on any official browser extension store. Its distribution relies on threat actor communities sharing it and delivering it to victims.
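Because Cloud9 is side-loaded rather than installed from an official store, one practical check is to inventory each browser profile for extensions that did not come from the store. The Python below is an added example, not part of the original article or any vendor tool; it assumes the Chromium profile layout in which each extension is recorded under `extensions.settings` in the `Preferences` / `Secure Preferences` JSON with `location` and `from_webstore` fields, and the sample data is constructed.

```python
import json

# Install sources Chromium records per extension (Manifest::Location values).
LOCATIONS = {1: "store/internal", 2: "external pref", 3: "external registry",
             4: "unpacked (sideloaded)", 5: "component", 8: "command line"}
BUILTIN = {5, 10}  # component extensions shipped with the browser itself
RISKY = {"<all_urls>", "*://*/*", "cookies", "clipboardRead", "webRequest"}

def load_prefs(path):
    """Read a profile's Preferences or Secure Preferences file (both are JSON)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

def audit_extensions(prefs):
    """Return one finding per extension that was not installed from the official store."""
    findings = []
    settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, entry in settings.items():
        location = entry.get("location")
        if location in BUILTIN or entry.get("from_webstore") is True:
            continue  # browser component or store-installed: not what we are hunting
        manifest = entry.get("manifest", {})
        declared = [p for p in manifest.get("permissions", []) +
                    manifest.get("host_permissions", []) if isinstance(p, str)]
        findings.append({
            "id": ext_id,
            "name": manifest.get("name", "<unknown>"),
            "source": LOCATIONS.get(location, f"unknown ({location})"),
            "path": entry.get("path", ""),
            "risky_permissions": sorted(p for p in declared if p in RISKY),
        })
    return findings

# Constructed sample: IDs, names and paths are invented for illustration.
SAMPLE_PREFS = {"extensions": {"settings": {
    "a" * 32: {"location": 1, "from_webstore": True,
               "manifest": {"name": "Password Manager", "permissions": ["storage"]}},
    "b" * 32: {"location": 5, "from_webstore": False,
               "manifest": {"name": "Built-in PDF Viewer"}},
    "c" * 32: {"location": 4, "from_webstore": False,
               "path": "C:\\Users\\alice\\Downloads\\player_update",
               "manifest": {"name": "Player Update",
                            "permissions": ["cookies", "tabs", "<all_urls>"]}},
}}}

if __name__ == "__main__":
    for finding in audit_extensions(SAMPLE_PREFS):
        print(json.dumps(finding))
```

Run `audit_extensions(load_prefs(path))` against each profile's file; every finding is an extension to verify with its owner or remove.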

The best way to protect your business against Cloud9 botnet is to create awareness of the dangers of unofficial extensions among your employees.

Help Put a Stop to the New Vicious Cloud9 Threat

Businesses should be concerned about the Cloud9 malware because it can bypass a typical endpoint detection system. An attacker might camp in your company’s IT system, only for you to realize when it’s too late.

Your best protection is educating employees about the dangers of using web browser extensions and creating cybersecurity awareness. More importantly, ensure your security frameworks can detect and handle malware from unsuspected attack vectors.

© 2023 Compunet InfoTech. All Rights Reserved.