Malicious Chrome extensions infect 100,000-plus users, again
The botnet then used that pilfered information to send links to friends of the infected person. Those links pushed the same malicious extensions. If any of those friends followed the link, the whole infection process started all over again.
The botnet also installed cryptocurrency miners that mined the monero, bytecoin, and electroneum digital coins. Over the past six days, the attackers appeared to generate about $1,000 in digital coin, mostly in monero. To prevent users from removing the malicious extensions, the attackers automatically closed the extensions tab each time it was opened and blacklisted a variety of security tools provided by Facebook and Google.
The seven extensions masqueraded as legitimate extensions. Their names were: Nigelify, PwnerLike, Alt-j, Fix-case, Divinity 2 Original Sin: Wiki Skill Popup, Keeprivate, iHabno.