js.wd

The threat actor of this family compromised Chrome extension developer accounts and attached malicious code to the extensions. Web Developer 0.4.9, Chrometana 1.1.3, Infinity New Tab 3.12.3, CopyFish 2.8.5, Web Paint 1.2.1, and Social Fixer 20.1.1 were affected by this. TouchVPN and BetterVPN were assumed to be targets as well.

This lead to the execution of another Javascript that substitutes ad banners for their own, effectively hijacking ad traffic. It is also reported that fake pop-up alerts were used to lure victims to download possibly other malware.

Family metadata imported from Malpedia (Fraunhofer FKIE).