Cisco’s Cognitive Threat Analytics Found Malicious Browser Add-ons

Based on the article "Bad Browser Plug-ins Gone Wild: Malvertising, Data Extraction, and Malware, Oh my!" by Sugiarto Koh, ASEAN Director for Cisco Security Business: with the rising trend of Internet advertising, malicious actors have found new ways to ride the wave.

Last year (2014), Cisco’s Cognitive Threat Analytics (CTA) uncovered a new threat, which our researchers have found to be a family of malicious browser add-ons. Once installed, they inject unwanted advertisements on certain pages that users visit. This provides revenue to the illegal advertisers while opening a channel to track and extract end user data and potentially deliver further malware.

Data from CTA showed that the same threat disguises itself as add-ons under more than 4000 different names, all sharing common behaviour.

Once loaded on the operating system (OS), the plug-in monitors a user’s browsing session, extracts visited URLs, and introduces a frame with a disguised URL on the visited page. This URL then loads the advertising that appears on the user’s screen.

Given the dynamic nature of these attacks, identifying and blocking adware, malware, and the extraction of data requires a multi-tiered security approach. By investing in new detection methodologies, such as Cisco’s Cognitive Threat Analytics (CTA), users will be able to identify new actors and new techniques, reducing the time needed to detect threats in their environments.