Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>


The Nigelthorn malware is involved in large-scale click fraud and illicit crypto-mining campaigns that have spread to over 100,000 computers found in various parts of the world. The primary tool used by the attackers is a bogus Chrome extension that goes by the name ‘Nigelify.’ Of course, getting a hundred thousand users to download a suspicious browser add-on is not an easy task so that the attackers have crafted an elaborate scheme to trick users into downloading the bogus extension.

The infection vector that the Nigelthorn’s operators rely on is a simple one – they use Facebook spam bots to spread fake messages that appear to link to a YouTube video. Users who access the link are taken to a page that is an identical copy of the YouTube video page, but it is not hosted on and, instead, it is a fake page that was set up by the attackers. If the users attempt to play the video, they may receive a notification that they need a special plug-in to view this content, and then be redirected to Nigelify’s download page.

Once the extension is installed, it may execute a piece of JavaScript code that is meant to deploy the malware’s primary module immediately. After the Nigelthorn is launched, it may attempt to collect Facebook login credentials, Instagram cookies, and mine for the Monero, Bytecoin or Electroneum cryptocurrencies by utilizing the victim’s processor.

The Nigelthorn also acquires persistency by disabling the user’s access to the Google Chrome extension manager, as well as by disrupting the work of popular Facebook and Chrome cleanup tools that are often used to deal with unwanted extensions and scripts. Researchers also have identified a Nigelthorn module that may serve the purpose of generating YouTube views, likes and subscriptions via the accounts used by the compromised computers.

To ensure that your computer is not a part of the Nigerlthorn’s campaign, you should use the services of an updated and trustworthy anti-malware software suite.

This post first appeared on SpywareRemove, please read the originial post: here

Share the post



Subscribe to Spywareremove

Get updates delivered right to your inbox!

Thank you for your subscription