Dark Web Informer - Cyber Threat Intelligence

A Threat Actor Claims to be Selling a Chromium Extension and Loader

💡This post is part of Free Post Friday! If you're interested in subscribing to the platform please visit the subscriber page: https://darkwebinformer.com/status/#/portal/signup. If you would prefer to pay via cryptocurrency, please visit: https://darkwebinformer.com/crypto-payments


🔗 DarkWebInformer.com - Cyber Threat Intelligence

📅 Date: 2025-02-14 15:20:19
🚨 Title: Alleged Sale of Chromium Extension and Loader
🛡️ Victim Country: Not specified
🏭 Victim Industry: Not specified
🏢 Victim Organization: Not specified
🌐 Victim Site: Not specified
📜 Category: Malware
🔗 Claim: https://xss.is/threads/132727/
🕵️‍♂️ Threat Actor: odayman
🌍 Network: OpenWeb


What Happened?

A cybercriminal operating under the alias odayman is allegedly selling the source code for a Windows loader and a Chromium-based browser extension designed for system infiltration and browser control. The loader installs itself, establishes persistence, communicates with a command-and-control (C2) server and executes commands received from it. The extension runs inside Chromium-based browsers, tracks user activity and collects device information for transmission to the C2 server.


The Details

  • Windows Loader Capabilities:
    • Automatic installation and persistent execution
    • Adds itself to autorun programs
    • Executes arbitrary files from a remote server
    • Supports command execution, self-deletion, and system cleanup
    • Restarts processes and fetches new versions of the extension
  • Chromium Extension Functions:
    • Monitors and logs browser activity
    • Displays and transmits device information to a C2 server

WhiteIntel.io Data Leak Information

(No victim site disclosed)


Why This Matters?

  • Potential for Widespread Malware Deployment – The loader’s ability to execute arbitrary files poses a risk for widespread infections.
  • Privacy and Data Theft Risks – Browser extensions can track user activity, steal credentials, and exfiltrate sensitive data.
  • Malware Evolution & Persistence – The malware supports self-updating mechanisms, making it adaptable and difficult to remove.
  • Security & Compliance Threats – Organizations using Chromium-based browsers may be exposed to unauthorized access and compliance violations.

What Should Be Done?

  • Monitor for unauthorized browser extensions and enforce security policies.
  • Implement endpoint protection to detect and block unauthorized loaders.
  • Regularly audit startup programs and scheduled tasks for persistence mechanisms.
  • Restrict arbitrary file execution from unverified sources.
  • Educate users on the risks of installing unknown browser extensions.
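Two of the recommendations above, monitoring for unauthorized browser extensions and auditing startup programs, can be turned into a repeatable check over artefacts a defender already collects. The script below is an added example written for this post; it is not code from Dark Web Informer and has nothing to do with the advertised loader or extension. It assumes two inputs: a Chromium profile's Preferences (or Secure Preferences) JSON, whose `extensions.settings` map holds each extension's cached manifest and a numeric `location` drawn from Chromium's ManifestLocation enum (3 = external registry, 4 = unpacked, 8 = command line), and the text of a `reg export` of a Run key. The allowlist, extension IDs, names, file paths and registry values are all constructed for illustration.

```python
"""Audit a Chromium extension inventory and Windows Run-key autoruns.

Example added for the recommendations in this post; not code from the
publisher or from the advertised malware. Sample inputs are constructed.
"""
import json
import re

# Chromium ManifestLocation values meaning the extension did not arrive via
# the Web Store or enterprise policy (assumed from the Chromium enum).
SIDELOAD_LOCATIONS = {3: "external_registry", 4: "unpacked", 8: "command_line"}

# Permissions that let an extension observe or alter every page the user visits.
HIGH_RISK_PERMISSIONS = {"<all_urls>", "tabs", "webRequest", "webRequestBlocking",
                         "cookies", "history", "debugger", "nativeMessaging"}

# One .reg value line: "Name"="escaped value"
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
# Directories a non-admin user can write to; autoruns here deserve a look.
USER_WRITABLE = re.compile(r'\\(AppData|Temp|Users\\Public|ProgramData)\\', re.IGNORECASE)
# Script hosts and proxy binaries commonly used to launch payloads from autorun.
SCRIPT_HOSTS = re.compile(
    r'\b(powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32|cmd)(\.exe)?\b',
    re.IGNORECASE)


def audit_extensions(preferences_json: str, allowlist: set) -> list:
    """Return one finding per extension that is not on the allowlist.

    Each finding records why it was raised: not allowlisted, installed from a
    sideload location, and/or requesting high-risk permissions.
    """
    prefs = json.loads(preferences_json)
    settings = prefs.get("extensions", {}).get("settings", {})
    findings = []
    for ext_id, entry in settings.items():
        if ext_id in allowlist:
            continue
        manifest = entry.get("manifest", {})
        # MV2 keeps hosts in "permissions"; MV3 moves them to "host_permissions".
        perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
        reasons = ["not_allowlisted"]
        location = entry.get("location")
        if location in SIDELOAD_LOCATIONS:
            reasons.append("sideloaded:" + SIDELOAD_LOCATIONS[location])
        risky = sorted(perms & HIGH_RISK_PERMISSIONS)
        if risky:
            reasons.append("high_risk_permissions:" + ",".join(risky))
        findings.append({"id": ext_id, "name": manifest.get("name", "?"),
                         "version": manifest.get("version", "?"), "reasons": reasons})
    return findings


def audit_run_keys(reg_export: str) -> list:
    """Parse `reg export` text and flag Run entries that launch from
    user-writable directories or through a script host."""
    findings = []
    current_key = None
    for raw in reg_export.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = RUN_LINE.match(line)
        if not m:
            continue
        # .reg escapes backslashes and quotes with a backslash; undo that.
        command = re.sub(r'\\(.)', r'\1', m.group("value"))
        reasons = []
        if USER_WRITABLE.search(command):
            reasons.append("user_writable_path")
        if SCRIPT_HOSTS.search(command):
            reasons.append("script_host")
        if reasons:
            findings.append({"key": current_key, "name": m.group("name"),
                             "command": command, "reasons": reasons})
    return findings


# Constructed sample data: a hypothetical allowlisted corporate extension and a
# hypothetical developer-mode extension with broad permissions.
ALLOWLIST = {"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"}
SAMPLE_PREFERENCES = json.dumps({"extensions": {"settings": {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"location": 1, "from_webstore": True,
        "manifest": {"name": "Corporate SSO Helper", "version": "2.1.0",
                     "permissions": ["storage"]}},
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"location": 4, "from_webstore": False,
        "manifest": {"name": "Device Info Viewer", "version": "1.0",
                     "permissions": ["tabs", "storage"],
                     "host_permissions": ["<all_urls>"]}},
}}})

# Constructed `reg export` output for an HKCU Run key (hypothetical entries).
SAMPLE_RUN_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VendorTray"="\"C:\\Program Files\\Vendor\\tray.exe\" /silent"
"Updater"="C:\\Users\\alice\\AppData\\Roaming\\svc\\upd.exe"
"Sync"="wscript.exe //B \"C:\\Users\\alice\\AppData\\Local\\Temp\\sync.vbs\""
"""

if __name__ == "__main__":
    for finding in audit_extensions(SAMPLE_PREFERENCES, ALLOWLIST):
        print("EXTENSION", finding)
    for finding in audit_run_keys(SAMPLE_RUN_EXPORT):
        print("AUTORUN", finding)
```

Both functions return triage signals rather than verdicts: a Run entry under `AppData` is common for legitimate per-user software, so the output is meant to be diffed against a known-good baseline or fed into an EDR or SIEM pipeline, and the extension allowlist should mirror whatever the browser's enterprise extension policy already enforces.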

Stay ahead of cyber threats. Visit DarkWebInformer.com for real-time updates on security risks and emerging cyber threats.
