Watch Out, That Browser Extension Could Be Cloud9 in Disguise | WhoisXML API

Threat reports

Watch Out, That Browser Extension Could Be Cloud9 in Disguise

Zimperium zLabs threat researchers recently reported the case of the Cloud9 Chrome Botnet, and rightly so. Using a malicious Chrome extension, the threat actors have stolen personal information stored in affected users’ browsers. Worse, they turned the infected computers into bots for more destructive attacks.1

Armed with extensive WHOIS, IP, and DNS intelligence, WhoisXML API researchers expanded Zimperium’s list of seven IoCs to include:

  • 10+ IP addresses to which the IoCs resolved, four of which were malicious
  • 400+ domains that shared the IoCs’ IP hosts
  • 1,900+ more domains that contained the same or similar strings as the IoCs
  • 10+ subdomains that contained the same string combination—“cloud9 + bot”—found among the IoCs
  • 10 malicious domains

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://www.zimperium.com/blog/the-case-of-cloud9-chrome-botnet/
Try our WhoisXML API for free
Get started