Microsoft said it’s tracking an ongoing large-scale click fraud campaign targeting gamers by means of stealthily deployed browser extensions on compromised systems.
“[The] attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices,” Microsoft Security Intelligence said in a sequence of tweets over the weekend.
The tech giant’s cybersecurity division is tracking the developing threat cluster under the name DEV-0796.
Attack chains mounted by the adversary commence with an ISO file that’s downloaded onto a victim’s machine when the victim clicks on a malicious ad or on comments on YouTube. The ISO file, when opened, is designed to install a browser node-webkit (aka NW.js) or a rogue browser extension.
The findings arrive as Kaspersky disclosed details of another campaign that lures gamers looking for cheats on YouTube into downloading self-propagating malware capable of installing crypto miners and other information stealers.