Beware of the malicious browser extension - Cloud9

What is Cloud9 Malware?

Cloud9 is a recently discovered malicious browser extension that targets the most popular browsers, including Google Chrome, Mozilla Firefox, Microsoft Edge, and Internet Explorer.

Cloud9 allows attackers to remotely take over someone's browser session and carry out a full range of attacks. It was built to steal cookies and other information, mine cryptocurrency, install malware, or take over the entire device for use in a distributed denial-of-service (DDoS) attack. Zimperium zLabs researchers also revealed that the Cloud9 botnet effectively acts as a remote access Trojan (RAT) for the Chromium browser, which is the framework for Chrome, Edge, and some other browsers.

How is it distributed?

The researchers believe a group known as Keksec is behind the latest malware distribution campaign, as it uses the same command & control (C2) servers that were used by Keksec in the past.

The main distribution tactics used in these campaigns include side-loading through fake executables and malicious websites that trigger Adobe Flash Player updates. Other popular methods that hackers use to distribute various types of malware across the web include malicious spam (malspam) that contains fake email attachments and malicious links, and trojanized downloads. These malware distribution methods highlight the importance of being vigilant while surfing the web. Be careful when downloading software from freeware websites, as their installers can contain malicious code.
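Because Cloud9 arrives by side-loading rather than through a browser store, one practical check is to list the extensions in a Chromium profile that did not come from the store and see which sensitive permissions they declare. The following is an added example, not part of the original article or of the Zimperium research; it assumes the profile's `Preferences` / `Secure Preferences` JSON keeps per-extension entries under `extensions.settings` with `from_webstore`, `location`, `path` and `manifest` fields, and `audit_extensions` and the sample data are constructed for illustration.

```python
import json

# Install-location codes assumed from Chromium's extension prefs; verify per version.
LOCATIONS = {1: "internal", 2: "external_pref", 3: "external_registry",
             4: "unpacked", 5: "component", 8: "command_line", 10: "external_component"}
BUILT_IN = {"component", "external_component"}
# Permissions relevant to the cookie theft and session takeover described above
# (the selection is this example's own choice).
SENSITIVE = {"cookies", "webRequest", "tabs", "<all_urls>", "*://*/*"}

def audit_extensions(prefs):
    """Return findings for extensions that did not come from the web store."""
    findings = []
    settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, entry in sorted(settings.items()):
        location = LOCATIONS.get(entry.get("location"), "unknown")
        if entry.get("from_webstore", False) or location in BUILT_IN:
            continue
        manifest = entry.get("manifest") or {}  # not always cached in prefs
        declared = manifest.get("permissions", []) + manifest.get("host_permissions", [])
        for script in manifest.get("content_scripts", []):
            declared += script.get("matches", [])
        requested = {p for p in declared if isinstance(p, str)}  # skip object-form entries
        findings.append({
            "id": ext_id,
            "name": manifest.get("name", "<no cached manifest>"),
            "location": location,
            "path": entry.get("path", ""),
            "sensitive": sorted(requested & SENSITIVE),
        })
    # Extensions holding the most sensitive permissions come first.
    return sorted(findings, key=lambda f: -len(f["sensitive"]))

# Constructed sample data; not from a real profile and not Cloud9's own manifest.
SAMPLE_PREFS = json.loads("""
{"extensions": {"settings": {
  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"from_webstore": true, "location": 1,
    "manifest": {"name": "Store Ad Blocker", "permissions": ["webRequest", "<all_urls>"]}},
  "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"from_webstore": false, "location": 4, "path": "/tmp/constructed/update",
    "manifest": {"name": "Player Update", "permissions": ["cookies", "tabs"],
      "content_scripts": [{"matches": ["<all_urls>"]}]}},
  "cccccccccccccccccccccccccccccccc": {"from_webstore": false, "location": 5, "manifest": {"name": "Built-in Viewer"}},
  "dddddddddddddddddddddddddddddddd": {"from_webstore": false, "location": 3}
}}}
""")

if __name__ == "__main__":
    for finding in audit_extensions(SAMPLE_PREFS):
        print(finding)
```

A finding is only a lead for review: developer-loaded and enterprise-deployed extensions are also reported as not coming from the store.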

How to remove Cloud9 Malware?

Using a professional anti-malware program to remove Cloud9 is recommended. Also, under "Related Content" you will find links to manual removal instructions. You can combine both methods for maximum efficiency.