There’s a new type of malicious browser extension that you need to be aware of. Researchers have identified a threatening extension called NexShield, which pretends to be a privacy-focused ad blocker. But don’t be fooled; this extension is designed to crash your browser and lure you into executing harmful commands on your system.
Understanding the NexShield Scam
NexShield was falsely marketed as being developed by Raymond Hill, the creator of the well-known uBlock Origin extension. This misleading association helped it gain traction through ads and other search results until it was eventually removed from the Chrome Web Store.
Once you install NexShield, it starts to wreak havoc in the background. Researchers found that it opens endless internal connections in your browser, eventually using up all available memory. This leads to freezing tabs, soaring CPU usage, and, in the end, a complete browser crash.
When you restart the browser, NexShield displays a frightening pop-up that claims your computer has serious security issues. If you click to “scan” or “fix” the problem, you are prompted to run a command in a command prompt. This is a trap: doing so runs a hidden PowerShell script that delivers malware. To evade detection, the malware’s execution is delayed for up to an hour, creating a gap between the installation of the extension and its harmful effects.
Why This Threat is Concerning
This scheme, dubbed CrashFix, is a new twist on a familiar scam that aims to get you to run potentially harmful commands yourself. In business environments, the malware used is a Python-based remote access tool named ModeloRAT, which grants attackers access to your system to steal information, modify settings, and maintain long-term control. The threat group involved, tracked as KongTuke, seems to be shifting its focus towards corporate networks, likely for bigger rewards.
Even though home users aren’t the primary targets, that doesn’t mean they are completely safe. Uninstalling the extension may not eliminate all threats, as some malicious elements could still linger. The real concern here is trust. The attack presents itself as something helpful and pushes you to act quickly while you are under pressure.
“Microsoft Defender has built-in tools designed to identify and stop harmful browser extensions and their associated actions,” said a cybersecurity expert at Microsoft. They suggested that consumers should stay updated on security practices to minimize exposure to scams like this one.
Staying Safe from Malicious Extensions
Adopting a few cautious habits can significantly decrease your risk of encountering harmful browser extensions.
1) Install Only Trusted Extensions
Before installing any browser extension, verify the publisher’s name, their official website, and the history of updates. Well-established tools will typically provide plenty of user reviews and information about their developers.
2) Do Not Run Unknown Commands
Genuine browser extensions won’t ask you to open a command prompt or paste commands. That’s a huge warning sign. If you’re ever prompted to do so, it’s best to disregard it and seek help from a trusted source.
3) Use Reliable Antivirus Software
Good antivirus software can catch harmful scripts and suspicious activity, which matters here because this attack can delay its execution. Effective antivirus software is essential for blocking threats and warning you of scams.
4) Use a Password Manager
Password managers offer encryption for your stored credentials, safeguarding you if malware compromises your system. They can also alert you if your email is part of a known data breach, giving you the chance to secure accounts quickly.
5) Keep Your Software Updated
Regular updates are crucial, as they not only fix bugs but also fortify your defenses against malicious extensions. Enabling automatic updates ensures you stay protected without having to remember to update.
6) Consider Identity Theft Protection
If malware is active on your system, your personal information might be endangered. Identity protection services monitor for any misuse and can assist in recovery should fraud occur.
7) Use a Data Deletion Service
Reducing your online footprint can make it tougher for criminals to misuse your personal information. Data deletion services actively seek out your information on various networks, though they don’t guarantee total removal.
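For the first tip, here is an added example (not code from the researchers or from this article) that inventories the extensions installed in a Chrome profile, resolves localized display names, lists requested permissions, and flags any whose name contains "NexShield". The flag list and the default Windows profile path are assumptions; the article gives only the extension's name, not its ID.

```python
import json
import os
from pathlib import Path

# Assumption: names to flag. "NexShield" is the only name the article gives.
FLAGGED_NAMES = {"nexshield"}

def load_json(path: Path) -> dict:
    """Read a JSON file, tolerating a BOM; return {} if missing or malformed."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def resolve_name(ext_dir: Path, manifest: dict) -> str:
    """Resolve Chrome's __MSG_key__ placeholder to the localized display name."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()  # message keys are case-insensitive
    locale = str(manifest.get("default_locale", "en"))
    messages = load_json(ext_dir / "_locales" / locale / "messages.json")
    for k, v in messages.items():
        if k.lower() == key and isinstance(v, dict):
            return str(v.get("message", name))
    return name

def audit_extensions(extensions_root: Path) -> list:
    """Inventory extensions stored as <root>/<extension id>/<version>/manifest.json."""
    findings = []
    for manifest_path in sorted(extensions_root.glob("*/*/manifest.json")):
        manifest = load_json(manifest_path)
        if not manifest:
            continue
        name = resolve_name(manifest_path.parent, manifest)
        perms = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
        findings.append({
            "id": manifest_path.parent.parent.name,
            "name": name,
            "version": manifest.get("version", "?"),
            "permissions": perms,
            "flagged": any(f in name.lower() for f in FLAGGED_NAMES),
        })
    return findings

if __name__ == "__main__":
    # Assumption: default Chrome profile on Windows; change for other profiles.
    root = Path(os.environ.get("LOCALAPPDATA", "")) / "Google/Chrome/User Data/Default/Extensions"
    print(*audit_extensions(root), sep="\n")
```

A name match is only a starting point: an unfamiliar entry with broad permissions deserves the same publisher and update-history check described in the first tip.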
Cybercriminals have adeptly combined technical tricks with psychological tactics to manipulate users. Rather than solely relying on technical exploits, they intentionally create issues, waiting for users to react in haste. If you encounter a demanding browser extension, take a moment to reassess before taking any action. That pause may just protect you from harm.





