LNKR is malware that ships inside several Google Chrome extensions. The add-ons in question managed to pass the review process of the Chrome Web Store and were hosted there at the time of writing. The extensions carrying LNKR appear to have fewer than a thousand downloads, so they have not gained much traction yet. To trick users into installing them, the operators gave them names the public already trusts; one example is a malicious extension called 'Adobe Flash Player' that carries the LNKR code. Flash Player was a browser plugin and never shipped as an extension, which is exactly what makes the name an effective lure.
The operators behind LNKR have gone to some lengths to stay anonymous and to keep analysts from attributing the campaign, routing it through a layered network infrastructure that is hard to map. Most of the domains associated with LNKR appear to be Chinese, yet malware researchers believe the group behind the threat operates out of Eastern Europe rather than China.
How Does LNKR Spread?
Tracing the Threat
Security experts were able to trace LNKR back to known command and control (C2) servers and then use Host Pairs data sets to enumerate the inventoried infrastructure that connects to those servers.
A host pair records a relationship between two observed pages: a parent, a child, and the cause that links them (a script include, an iframe, an HTTP redirect, and so on). Taken together, host pairs reveal dependent requests, redirection sequences, and the other actions a page takes while loading. They are effective for tracking malware infrastructure because the relationships come from what the page actually loaded, not from registration data alone.
Analysts noticed that many websites were making calls to the LNKR C2 servers. Tracking those requests down, they found that the domains in the requests matched LNKR's known infrastructure.
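To make the host-pair traversal concrete, here is an added example (not the researchers' tooling and not code from the original article) that walks constructed (parent, child, cause) records upward from a set of known C2 hosts. It separates the top-level pages that carry the injected call from the intermediate infrastructure sitting between them and the C2. All hostnames are placeholders; a real data set would be exported from a crawler.

```python
"""Walk host-pair records to find which pages load a known C2 host.

Added example, not from the original article or the researchers' tooling.
The records and hostnames below are constructed placeholders, not real
LNKR infrastructure; a real data set would be exported from a crawler.
"""
from collections import defaultdict, deque

# Constructed sample: (parent, child, cause) as a host-pair data set
# would record them while rendering pages. 'cause' says why the parent
# contacted the child: a script tag, an iframe, an HTTP redirect, etc.
HOST_PAIRS = [
    ("news.example.org", "cdn.example-tracker.net", "script.src"),
    ("cdn.example-tracker.net", "c2-a.example.invalid", "redirect"),
    ("shop.example.com", "c2-a.example.invalid", "script.src"),
    ("blog.example.net", "static.example-cdn.com", "iframe.src"),
    ("static.example-cdn.com", "c2-b.example.invalid", "script.src"),
    ("clean.example.com", "static.legit-cdn.example", "script.src"),
]

# Starting point: C2 hosts already attributed to the campaign (placeholders).
KNOWN_C2 = {"c2-a.example.invalid", "c2-b.example.invalid"}


def build_parent_index(pairs):
    """Map each child host to the (parent, cause) edges that reach it."""
    index = defaultdict(list)
    for parent, child, cause in pairs:
        index[child].append((parent, cause))
    return index


def trace_to_c2(pairs, c2_hosts):
    """Breadth-first walk upward from the C2 hosts through parent edges.

    Returns {host: chain}, where chain is the shortest list of
    (host, cause) hops from that host down to a C2 host (C2 last, with
    cause None). Because the walk goes child -> parent, a redirect via an
    intermediate CDN is kept as its own hop rather than collapsed.
    """
    index = build_parent_index(pairs)
    chains = {}
    queue = deque((c2, [(c2, None)]) for c2 in c2_hosts)
    while queue:
        host, path = queue.popleft()
        for parent, cause in index.get(host, []):
            if parent in chains or parent in c2_hosts:
                continue  # already reached by a shorter path, or is C2 itself
            chains[parent] = [(parent, cause)] + path
            queue.append((parent, chains[parent]))
    return chains


def victim_pages(pairs, chains):
    """Hosts that reach a C2 but are never loaded by another host: the
    top-level sites whose pages carry the injected call. Everything else
    in `chains` is intermediate infrastructure worth inventorying."""
    children = {child for _, child, _ in pairs}
    return sorted(h for h in chains if h not in children)


def format_chain(chain):
    """Render 'a -[cause]-> b -[cause]-> c2' for a report line."""
    parts = []
    for host, cause in chain:
        parts.append(host)
        if cause is not None:
            parts.append(f" -[{cause}]-> ")
    return "".join(parts)


if __name__ == "__main__":
    chains = trace_to_c2(HOST_PAIRS, KNOWN_C2)
    print("Pages calling C2:", ", ".join(victim_pages(HOST_PAIRS, chains)))
    for host in sorted(chains):
        print(format_chain(chains[host]))
```

Walking from the C2 upward rather than from each site downward is what keeps the work bounded: the known C2 set is small, and every host the walk reaches is, by construction, part of the chain that ends at the C2, so the intermediate hosts it surfaces (here `cdn.example-tracker.net` and `static.example-cdn.com`) are the candidates for the next pivot.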
How to Prevent LNKR and Other Malicious Browser Extensions
- Remember that Less is More
When it comes to avoiding malicious extensions, nothing beats reducing how many you install and use. Install only the extensions you actually need; every extension you skip is one less piece of third-party code running with access to your browsing.
Before installing one, check whether a desktop application or a terminal command can do the same job. Some of the most popular extensions also end up built into browsers as default features, so it can pay to wait a while and see where things stand.
- Get Rid of Inactive Extensions
In the same spirit, remove browser extensions you no longer use. Each one you uninstall is one less attack surface on your computer, and an extension that sits idle today can still receive a malicious update tomorrow if it changes hands. Cleaning up your extensions once a month or so is enough; removing an extension takes no more effort than installing it, so anyone can do this.
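A monthly clean-up is easier when you can see what each installed extension is actually allowed to do. The following is an added example, not code from the original article: it reads the manifest.json of every extension in a Chrome profile directory and flags the traits an LNKR-style add-on needs (access to every page, traffic-inspecting APIs, a non-Google update channel, or a lure name like the article's 'Adobe Flash Player'). The profile layout, the permission list, and the two sample manifests are assumptions made here for illustration.

```python
"""Audit Chrome extension manifests for LNKR-style traits.

Added example, not part of the original article. Chrome keeps each
installed extension under <profile>/Extensions/<id>/<version>/manifest.json
(on Linux the default profile is ~/.config/google-chrome/Default); pass
that directory as the first argument, or run with none to scan the two
constructed sample manifests below.
"""
import json
import sys
import tempfile
from pathlib import Path

BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}  # every site
SENSITIVE_PERMS = {"webRequest", "webRequestBlocking", "declarativeNetRequest",
                   "cookies", "history", "tabs", "management", "proxy",
                   "nativeMessaging", "debugger", "scripting"}
OFFICIAL_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
# Software that never shipped as an extension; the article cites a fake
# "Adobe Flash Player" extension as the LNKR lure. Extend as needed.
LURE_NAMES = ("adobe flash player",)

# Constructed manifests: an LNKR-style lure (MV2) and a benign one (MV3).
SAMPLE_LURE = {
    "manifest_version": 2, "name": "Adobe Flash Player", "version": "1.0",
    "permissions": ["tabs", "webRequest", "webRequestBlocking", "<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
}
SAMPLE_BENIGN = {
    "manifest_version": 3, "name": "Dark Theme Toggle", "version": "2.1",
    "permissions": ["storage"], "host_permissions": ["https://docs.example.com/*"],
    "update_url": OFFICIAL_UPDATE_URL,
}


def resolve_name(manifest, ext_dir):
    """Store extensions often name themselves __MSG_key__; look the key up in
    the default locale's messages.json so the lure check sees the real name."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        loc = Path(ext_dir) / "_locales" / manifest.get("default_locale", "en") / "messages.json"
        try:
            return json.loads(loc.read_text(encoding="utf-8"))[name[6:-2]]["message"]
        except (OSError, ValueError, KeyError, TypeError):
            pass
    return name


def audit_manifest(manifest, name=None):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    name = (name if name is not None else str(manifest.get("name", ""))).lower()
    if any(lure in name for lure in LURE_NAMES):
        findings.append(f"name '{name}' impersonates software that is not an extension")
    perms = set(manifest.get("permissions", []))
    # MV2 lists host patterns under 'permissions'; MV3 moves them to 'host_permissions'.
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    if hosts & BROAD_HOSTS:
        findings.append(f"can read and modify every page: {sorted(hosts & BROAD_HOSTS)}")
    if perms & SENSITIVE_PERMS:
        findings.append(f"sensitive API permissions: {sorted(perms & SENSITIVE_PERMS)}")
    update_url = manifest.get("update_url")
    if update_url and update_url != OFFICIAL_UPDATE_URL:
        findings.append(f"third-party update_url: {update_url}")
    return findings


def scan_extensions_dir(extensions_dir):
    """Return (id, version, name, findings) for each <id>/<version>/manifest.json."""
    results = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or half-written manifest; skip it
        name = resolve_name(manifest, path.parent)
        results.append((path.parts[-3], path.parts[-2], name, audit_manifest(manifest, name)))
    return results


def demo_scan():
    """Lay the constructed manifests out like a real profile in a temp dir and
    scan it, so the scanner can be exercised without touching a browser."""
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in (("a" * 32, SAMPLE_LURE), ("b" * 32, SAMPLE_BENIGN)):
            ext_dir = Path(root) / ext_id / manifest["version"]
            ext_dir.mkdir(parents=True)
            (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return scan_extensions_dir(root)


if __name__ == "__main__":
    rows = scan_extensions_dir(sys.argv[1]) if len(sys.argv) > 1 else demo_scan()
    for ext_id, version, name, findings in rows:
        print(f"{ext_id} {version} {name!r}: {findings or 'no findings'}")
```

A finding is not proof of malice: an ad blocker legitimately needs `<all_urls>` and `webRequest`. The point is that an extension with a lure name, or one you no longer remember installing, should not have that combination, and a store listing does not tell you what the manifest does.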
Web browser add-ons rarely raise suspicion, since most of us have never had a problem with one. LNKR shows how easily cyber crooks can weaponize an extension for their own ends. Be careful when installing software on your PC, even from a legitimate and reputable platform such as the Chrome Web Store; passing store review is not a guarantee. Read the permissions an extension requests before accepting them, and keep a genuine anti-virus suite running so that threats like LNKR are stopped before they reach your browser.