May 2022 - Ophtek

Malicious Extension Found Being Injected into Chrome

ChromeLoader, extensions, Google Chrome, malicious extensions, Ophtekchrome, ChromeLoader, Extentions, malicious, OphtekOphtek, LLC

May 2022

Chrome is the world’s most popular browser and, as such, is a major target for hackers, a fact highlighted by the emergence of a malicious Chrome extension.

If you’re a Chrome user, then you will be well aware of the wide range of benefits that Chrome extensions deliver. They not only making browsing easier, but their main objective is to make you more productive e.g. automating tasks such as blocking pop-up adverts. While Chrome extensions allow you to personalize your browsing experience, they are not without risk. Privacy concerns have surrounded browser extensions for as long as they have been available, and malicious extensions have been equally concerning.

It’s more than likely that your organization uses the Chrome browser in some capacity, so let’s look at the dangers of this most recent malicious extension.

The Lowdown on ChromeLoader

With a name that does exactly what it says on the tin, the ChromeLoader extension loads itself into Chrome. It begins its journey towards Chrome in the form of an ISO file – an image copy of the contents of an optical disc – which is currently being spread through social media sites and pay-per-install sites. Within this ISO is an executable file which, when activated, installs the ChromeLoader extension into Chrome and uses Windows’ Task Scheduler application to load the extension.

At present, the malicious activity of ChromeLoader has been recorded as relatively low. Rather than stealing data or encrypting files, ChromeLoader appears more concerned with redirecting victims towards spam sites. It’s a threat level which may not appear significant but, as with all malware, there’s a potential for ChromeLoader to evolve into something more powerful. It could, for example, be used to load ransomware into a compromised PC, and that’s when your productivity really will come under attack. And, even it remains only a minor nuisance with its spam redirection, it’s still a problem your organization could do without.

How to Tackle ChromeLoader

ChromeLoader is delivered via an ISO file, and the chances of your employees needing to handle ISO files at work are slim. Therefore, it makes sense to add ISO files to your list of prohibited files that can be downloaded. If an employee does need an ISO file downloading from the internet, then they should contact your IT team to arrange this securely. Banning torrent sites, such as PirateBay, will also limit the chances an employee has to access infected ISO files, so build this into your web filters as well.

Ultimately, extensions such as ChromeLoader prey upon the naivety of the common internet user. For the average person, a Chrome extension is a useful ally, not something to be feared. However, threat actors are always keen to deliver their malicious payloads as stealthily as possible. And that’s why they try to take advantage of routes, such as Chrome extensions, which are commonly trusted by PC users. As a result, educating your staff on the potential dangers of downloading files from the internet, such as ISO files or browser add-ons, should be a priority.

For more ways to secure and optimize your business technology, contact your local IT professionals.

5 Sure-fire Ways to Know You’ve Been Hacked

Cyber Security, Encryption, Hackers, Hacking, Network, Ophtek, pop upsencryption, hacking, network, Ophtek, pop ups, security, vulnerabilityOphtek, LLC

May 2022

The aim of most hackers is to be discreet, but there’s almost always a tell-tale sign they’re at work. You just have to know what you’re looking for.

Damage limitation is an essential part of cyber-security and, accordingly, the sooner you realize you’ve been hacked, the sooner you can get to work on rectifying the issue. Establishing that you’ve been hacked, however, isn’t always straightforward. Hackers are well known for their stealthy attack strategies, and, in many cases, you’re unlikely to realize that you’ve been hacked. You may, instead, simply think that your network is experiencing technical problems, and that’s why you can’t access your files, or why your PCs performance has ground to a halt. But you also need to consider that you may have been hacked.

How Do You Know You’ve Been Hacked?

There are several clear giveaways that your organization’s digital defenses have been breached, and here are five of the most sure-fire ways to know you’ve been hacked:

Your Files are Encrypted: your day-to-day IT activity will likely center around the regular usage of files e.g. Word documents and Excel spreadsheets. But what happens when you can’t access these? Firstly, your organization’s productivity will plummet and, secondly, it could indicate that you’ve been the victim of ransomware. If your files are encrypted and a message is received demanding a ransom fee to decrypt them, then you’ve been hacked.
Unusual Network Activity: regular traffic patterns should be easily identifiable on your network logs, but anything unusual should be closely scrutinized. Modern hacking methods often find malware communicating with remote locations to transmit information or download further malware. Therefore, any unknown locations that are delivering or receiving data from your organization need to be investigated.
Persistent Pop-Ups: there’s nothing more irritating than a pop-up window when you’re trying to work on something. But when these are regularly popping up, when they shouldn’t be, there’s a good chance you’ve been hacked. Often, these pop-ups will try to convince you to perform an action, such as downloading an anti-malware app due to an infection on your PC. These, of course, are fake and are simply a devious strategy to get you to download further malware on to your PC.
People Ask You If You’ve Been Hacked: one of the most obvious signs that you’ve been hacked is when people start asking you if you’ve been hacked. And this is because malware often hijacks email accounts to help spread spam. As a result, people you know – who are listed in your email address book – will be receiving spam messages direct from your email account. Naturally, these unusual messages will ring alarm bells with the recipients, and they are likely to check in with you to confirm if your email account has been hacked.
Your Credentials are Available Online: hackers like to make money by harvesting valuable login credentials, these can then be sold to other hackers who want to breach security measures and gain quick, unauthorized access to private networks. Thankfully, applications such as Google’s Password Manager can warn you when these credentials turn up in password dumps, this is a good sign to immediately change all your passwords.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Raspberry Robin: A New USB-based Malware

Ophtek, Rasberry Robin, USB Drives, USB Flash Drives, USB MalwareOphtek, Rasberry Robin, usb drives, USB malwareOphtek, LLC

May 2022

USB drives are vital parts of any IT system, providing external storage and simple file transfers. But they also run the risk of introducing malware to PCs.

We’ve talked in the past about USB drives which can completely destroy a PC, but this new threat is a little different. Believed to have been active in the digital wild since September 2021, Raspberry Robin (as it has been named by researchers) is a strain of malware loaded with a series of dangerous commands. Although it was first discovered in September 2021, researchers noted a sharp uptick in its activity during January 2022. Accordingly, like most malware, it’s likely that its activity will accelerate again in the future, so it’s crucial you know what to look for.

What is Raspberry Robin?

Despite sounding like a charming brand of candy, Raspberry Robin is far from sweet. Instead, it’s a form of malware which is delivered to its victims through an infected USB drive. Quite how Raspberry Robin makes its way onto these USB drives is a question which has security researchers scratching their heads. Regardless of this mystery, however, the fact remains that Raspberry Robin is there and it’s capable of causing digital chaos.

Once the infected USB drive is connected to an active PC, it uses this as a prompt to activate a shortcut link housed on the USB drive. This opens explorer.exe and, most importantly, MsiExec.exe which is used to install new programs in Windows. MsiExec.exe is then used to launch a communication channel to an external domain, from which it will receive malicious commands. Raspberry Robin also harnesses MsiExec.exe to install a malicious .DLL file, although it is yet to be established what the objective of this file is.

Another feature of Raspberry Robin’s attack strategy is to execute the Windows tool fodhelper.exe – this is used to manage features in Windows settings – and instruct rundll32.exe to, in turn, launch further malicious actions. These processes are executed with elevated admin privileges, yet do not require authorization from a User Account Control prompt. While this allows Raspberry Robin unauthorized privileges, it also highlights unusual behavior on a PC and can be used to identify the malware’s presence.

How Can You Avoid Raspberry Robin?

One of the simplest ways to minimize your risk against Raspberry Robin is to never plug unknown USB drives into a PC. Without scanning the drive thoroughly and securely, there is no way of knowing exactly what’s on there. And this can put your PC and indeed your entire IT network at risk.

Likewise, any new USB drives purchased by your organization should be tested by an IT professional on an offline network. This approach will prevent malware such as Raspberry Robin spreading throughout your IT network.

It’s also important that you practice good network monitoring. As Raspberry Robin communicates with external domains, significant traffic will be visible between your network and new, unknown locations. Identifying unusual traffic patterns such as this will allow you to investigate and take care of any concerns.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Why Does Your Business Need a VPN?

Cyber Security, Online Security, Ophtek, PC Security, Security, VPNNetwork Security, Online Security, Ophtek, PC Security, security, VPNOphtek, LLC

May 2022

Security in business is paramount, and when it comes to IT networks it’s absolutely crucial. One of the best ways to protect your network is with a VPN.

With the number of cyberattacks in 2021 hitting new highs, protecting your IT network has never been more important. The sheer amount of secure data passing across a network in 2022 is remarkable. Accordingly, this data needs to be protected. Failure to do this will only lead to negative results: data leaks, compromised networks, and financial risk. While there are simple steps that your organization can implement, one of the strongest defense strategies is to put a virtual private network (VPN) in place.

What is a VPN?

VPNs have been around since the mid-1990s, but it wasn’t until the internet started to take off in the early-2000s that it became apparent they were necessary for businesses. Since then, they have grown in popularity with both organizations and domestic users. But what exactly is a VPN?

Well, imagine the private IT network you have at your organization. You will have full control over this network and be able to put the necessary security in place. However, what happens when one of your employees wants to connect to your network from a remote location? They won’t be able to connect directly to your network, they will need to use their own internet connection or a shared, public internet connection. As you will have no control over the security of this connection, there’s the potential for major problems.

Nonetheless, with a VPN in place, you can create a secure, encrypted connection between your remote employee and your network. Think of it as a tunnel between two points which is completely protected from any external forces. This allows data to be transferred from your network to a remote connection with peace of mind that it won’t be compromised.

The Business Benefits of a VPN

The benefits of connecting your private business network with external public networks is clear to see, but what are some of the other business benefits of a VPN? Let’s take a look:

Quick Access: thanks to the advent of cloud computing, all the apps that your remote worker needs can be accessed instantly through the internet. Before cloud computing was a reality, expensive networking technology would be needed to provide the full range of network services. And, with this technology, came delays in accessing applications and data sources. Now, however, employees can access everything they need within seconds.

Budget Friendly: subscription costs to VPN services are relatively cheap compared to installing and managing endpoint security. This is particularly attractive to smaller organizations for whom the technology costs of managed security may be prohibitive to their budgets. After all, with reputable VPN subscriptions costing less than $10 per month per user, a VPN represents excellent value.

Geo-locations: for a business with a global reach, the need for geo-independence with IT networks can be a necessity. Global locations, such as China, have much stronger internet access policies that you may be used to. And this can result in direct access to your organization’s network being blocked. However, a VPN will allow remote users in these locations to connect to your network as if they’re in the same state.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Monthly Archives: May 2022