
Beware Of Malicious Chrome Extension That Delivers Weaponized ZIP Archive



In August 2024, researchers detected a malicious Google Chrome browser extension that led to the distribution of the LummaC2 stealer. The extension triggered a drive-by download of a ZIP archive containing an MSI installer package which, when executed, installed the malicious software on the victim's system.

The MSI file contacts a remote server to obtain the password needed to extract a malicious DLL from a password-protected RAR archive, and uses a legitimate executable associated with cryptographic tools to decrypt that archive.

The malicious executable, located in the "TroxApp" folder, uses DLL sideloading to load the harmful "rnp.dll" payload. Windows resolves a DLL requested by name by searching a fixed list of directories, starting with the directory of the executable itself, so a DLL planted next to the executable is loaded ahead of any copy installed elsewhere, and its code runs inside that process with the executable's privileges.
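The search-order behaviour behind that sideload, shown as an added example that is not code from the gbhackers article or from the malware. It simulates the documented default Windows DLL search order (SafeDllSearchMode on, simplified: KnownDLLs, manifests and already-loaded modules are not modelled) on a constructed directory layout in a temporary folder, where a copy of rnp.dll sits beside an executable in a "TroxApp" folder under the user's profile and another copy lives in a "Program Files" directory on PATH. The executable name host.exe and the CryptoTool directory are assumptions for illustration.

```python
"""
Simulate the default Windows DLL search order to show why a DLL dropped beside
an executable (a directory named TroxApp holding rnp.dll, as in the article)
is loaded before any other copy of that DLL on the system.

Added example; not the article's or the malware's code. All paths are
constructed inside a temporary directory.
"""
import os
import tempfile


def default_search_order(app_dir, system_root, cwd, path_dirs):
    """Order in which the loader looks for a DLL given by bare name when
    SafeDllSearchMode is enabled (the Windows default):
    1. directory of the executable that was launched
    2. %SystemRoot%\\System32
    3. %SystemRoot%\\System  (16-bit system directory)
    4. %SystemRoot%
    5. current working directory
    6. each directory listed in PATH
    """
    return [
        app_dir,
        os.path.join(system_root, "System32"),
        os.path.join(system_root, "System"),
        system_root,
        cwd,
        *path_dirs,
    ]


def resolve_dll(dll_name, search_order):
    """Return the first existing candidate, which is what the loader maps."""
    for directory in search_order:
        candidate = os.path.join(directory, dll_name)
        if os.path.isfile(candidate):
            return candidate
    return None


def is_under_user_profile(path, user_profile):
    """Hunting heuristic: a DLL resolved from inside the user's profile
    (AppData, Downloads, ...) instead of a protected install location is a
    sideloading candidate. Assumption: a real check also inspects the ACL and
    the Authenticode signature of the DLL."""
    return os.path.commonpath([path, user_profile]) == user_profile


def build_layout(root):
    """Construct a fake filesystem: a copy of rnp.dll under Program Files
    (on PATH) and the attacker's copy beside host.exe in TroxApp."""
    profile = os.path.join(root, "Users", "victim")
    troxapp = os.path.join(profile, "AppData", "Local", "TroxApp")
    legit = os.path.join(root, "Program Files", "CryptoTool")  # assumed name
    system_root = os.path.join(root, "Windows")
    for d in (troxapp, legit, os.path.join(system_root, "System32")):
        os.makedirs(d, exist_ok=True)
    # placeholder files; contents are irrelevant to the search-order simulation
    for d in (troxapp, legit):
        with open(os.path.join(d, "rnp.dll"), "wb") as f:
            f.write(b"placeholder")
    with open(os.path.join(troxapp, "host.exe"), "wb") as f:  # assumed name
        f.write(b"placeholder")
    return profile, troxapp, legit, system_root


def demo():
    """Launch 'host.exe' from TroxApp and see which rnp.dll the loader picks."""
    with tempfile.TemporaryDirectory() as root:
        profile, troxapp, legit, system_root = build_layout(root)
        order = default_search_order(
            app_dir=troxapp, system_root=system_root,
            cwd=profile, path_dirs=[legit])
        loaded = resolve_dll("rnp.dll", order)
        return {
            "loaded_from": os.path.relpath(loaded, root),
            "other_copy_exists": os.path.isfile(os.path.join(legit, "rnp.dll")),
            "sideload_suspect": is_under_user_profile(loaded, profile),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the simulation makes is that the copy on PATH never gets a chance: step 1 of the search order wins, so a signed, legitimate executable carried into a user-writable folder will happily map whatever rnp.dll is placed next to it. The same ordering gives a defender the hunt: any DLL that a process has loaded from under a user profile, next to an executable that normally ships with that DLL from a protected install directory, deserves a signature and hash check.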


The malicious DLL triggered a loader process that downloaded the LummaC2 stealer and ...


Copyright of this story solely belongs to gbhackers.