As we are all well aware, Google Chrome is one of the most popular and widely used web browsers. Because it is so widely used, attackers develop more malicious and more advanced browser extensions for it every day. Numerous malicious Chrome extensions have been built by criminals, but researchers recently uncovered a new and very ambitious one named Ldi.
This Chrome extension takes its malicious behaviour to the next level: it not only loads the Coinhive browser miner into the victim's browser and consumes CPU, it also accesses the user's Gmail and registers new domain names through Freenom on behalf of the Chrome user's email address. The extension was analysed by Lawrence Abrams, who reported that it was available in the Chrome Web Store.
[To learn more about browser extensions, see the Wikipedia article: https://en.wikipedia.org/wiki/Browser_extension]
Once the malicious script executes, the activity in your browser begins. First, the extension connects you to Facebook, then it loads the Coinhive cryptocurrency miner, which immediately starts mining Monero for the extension's developer. This is also the first sign an unsuspecting user gets that something is wrong with their PC: the sudden CPU load caused by the miner is easy to notice.
To register new domains, the malware uses the victim's name and the associated Gmail address. It connects to the official site Freenom.com by posting to https://my.freenom.com/includes/domains/fn-available.php and checks whether a randomly named domain is available under several TLDs. After retrieving the available options, it adds each domain to a cart. Fortunately, it can only do this while the user has Gmail open in the browser; the extension itself runs in the background. If Ldi succeeds in getting into Gmail and creating domains, the victim will definitely see a registration email from the domain service Freenom.
The extension's access to the user's mailbox is what lets it retrieve the email address, so if the user is not logged into Gmail it cannot register domains. In total, 4 domains were generated for the extension developer, each registered with a victim's email address, and this happens every time the extension is installed in Chrome. It is not yet known what the domains are meant for, but they could be used to spread malware. The extension itself is also distributed through phishing campaigns.
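Because the write-up names two concrete indicators (the Coinhive miner and the Freenom availability endpoint the extension posts to) and describes an extension that needs broad page access to read Gmail, a defender can audit an installed Chrome profile for the same signs. The scanner below is an added example written for this article, not code from the extension's analysis or from Lawrence Abrams: it walks a Chrome `Extensions` directory, flags manifests that request broad permissions, and greps extension files for the two indicators. The sample extension it builds in a temporary directory is constructed for the test (the 32-character extension id and file contents are placeholders, not real Ldi artefacts).

```python
import json
import os
import re
import tempfile

# Indicators taken from the write-up: the Coinhive miner and the Freenom
# availability endpoint the extension posts to.
INDICATORS = [
    re.compile(r"coinhive", re.IGNORECASE),
    re.compile(r"my\.freenom\.com/includes/domains/fn-available\.php", re.IGNORECASE),
]

# Permissions that let an extension read arbitrary page content (such as an
# open Gmail tab) or contact any host. Worth a second look in any extension.
RISKY_PERMISSIONS = {"<all_urls>", "*://*/*", "https://mail.google.com/*", "webRequest", "tabs"}


def scan_extension(ext_dir):
    """Return risky permissions and indicator hits for one unpacked extension version."""
    findings = {"permissions": [], "indicators": []}
    manifest_path = os.path.join(ext_dir, "manifest.json")
    if os.path.isfile(manifest_path):
        with open(manifest_path, encoding="utf-8") as fh:
            manifest = json.load(fh)
        perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
        findings["permissions"] = sorted(p for p in perms if p in RISKY_PERMISSIONS)
    for root, _, files in os.walk(ext_dir):
        for name in files:
            if not name.endswith((".js", ".html", ".json")):
                continue
            path = os.path.join(root, name)
            with open(path, encoding="utf-8", errors="ignore") as fh:
                text = fh.read()
            for pattern in INDICATORS:
                for match in pattern.finditer(text):
                    findings["indicators"].append((os.path.relpath(path, ext_dir), match.group(0)))
    return findings


def scan_profile(extensions_root):
    """Scan every <id>/<version>/ directory under a Chrome profile's Extensions folder."""
    report = {}
    for ext_id in sorted(os.listdir(extensions_root)):
        ext_path = os.path.join(extensions_root, ext_id)
        if not os.path.isdir(ext_path):
            continue
        for version in sorted(os.listdir(ext_path)):
            version_dir = os.path.join(ext_path, version)
            if os.path.isdir(version_dir):
                report[f"{ext_id}/{version}"] = scan_extension(version_dir)
    return report


def build_sample_extension():
    """Constructed sample mimicking the described behaviour; not the real Ldi code."""
    root = tempfile.mkdtemp()
    # Placeholder extension id (Chrome ids are 32 letters a-p); constructed, not Ldi's id.
    version_dir = os.path.join(root, "abcdefghijklmnopabcdefghijklmnop", "1.0")
    os.makedirs(version_dir)
    manifest = {
        "manifest_version": 2,
        "name": "sample",
        "version": "1.0",
        "permissions": ["<all_urls>", "tabs", "storage"],
        "background": {"scripts": ["background.js"]},
    }
    with open(os.path.join(version_dir, "manifest.json"), "w", encoding="utf-8") as fh:
        json.dump(manifest, fh)
    background_js = (
        'var minerLib = "coinhive"; // constructed placeholder for the miner reference\n'
        'fetch("https://my.freenom.com/includes/domains/fn-available.php", {method: "POST"});\n'
    )
    with open(os.path.join(version_dir, "background.js"), "w", encoding="utf-8") as fh:
        fh.write(background_js)
    return root


if __name__ == "__main__":
    sample_root = build_sample_extension()
    for key, result in scan_profile(sample_root).items():
        print(key, json.dumps(result, indent=2))
```

To run this against a real profile, point `scan_profile` at the actual extensions folder: `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions` on Windows or `~/.config/google-chrome/Default/Extensions` on Linux. A hit on either indicator, combined with `<all_urls>` or a Gmail host permission, is a strong reason to remove the extension and check the mailbox for an unexpected Freenom registration email.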
[If you want to remove a Chrome extension from your browser, see http://www.stepstoremovevirus.com/complete-guide-to-delete-install-extension-to-continue-from-chrome]