Nigelthorn is a malware campaign that has managed to infect more than one hundred thousand devices across more than one hundred countries. The campaign was mainly delivered via corrupted URLs distributed through Facebook. These URLs lead to fake YouTube pages that display a pop-up window attempting to convince victims to install a Chrome extension. The extension is named 'Nigelify' and appears in the Google Chrome Web Store as an application designed to remove specific images of a pop-culture character. Computer users who fall for this tactic install the extension believing that it will allow them to view the fake YouTube video. However, the extension's main purpose is to load scripts into the infected Web browser and carry out the Nigelthorn attack.
How the Nigelthorn Attack Works
The Nigelthorn attack loads scripts in the infected Web browser that allow the attackers to collect victims' Facebook login information. The campaign also attempts crypto-jacking in the infected Web browser, letting the criminals use the resources of the victim's computer to mine digital currency. It has also been observed collecting data from the infected computer. Using the Nigelthorn campaign, criminals can carry out attacks that clone the victim's computer and hijack their social media accounts, which also allows them to continue spreading the Nigelthorn campaign to other computer users.
Further Details of the Nigelthorn Campaign
Malware associated with the Nigelthorn campaign can evade detection and removal in various ways. For example, Nigelthorn can interfere with the victim's Web browser to close the Extensions hub or to prevent the victim from connecting to websites associated with computer security tools and software. The campaign can also prevent the victim from posting about the infection on social media. Various other symptoms may be associated with Nigelthorn, depending on how the criminals monetize the infection. The campaign may cause the Web browser to visit unwanted websites and display unwanted online content, often spamming the victim and the victim's contacts with shady advertising materials.
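Because the extension can close the Extensions hub, the browser's own interface cannot be relied on to list what is installed. As an added example (not part of the original article), the Python script below audits a Chrome profile directory on disk instead, resolving localized extension names. The watch-list (built from the extension name given in the article), the function names and the sample profile are assumptions constructed for illustration.

```python
import json
from pathlib import Path

WATCH_NAMES = {"nigelify"}  # assumption: watch-list built from the name in the article

def _display_name(ext_dir, manifest):
    """Resolve a localized name such as __MSG_appName__ via _locales."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()  # Chrome matches message keys case-insensitively
        locale = manifest.get("default_locale", "en")
        path = ext_dir / "_locales" / locale / "messages.json"
        try:
            messages = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            return name  # keep the raw placeholder if the catalog is unreadable
        for k, v in messages.items():
            if k.lower() == key and isinstance(v, dict):
                return str(v.get("message", name))
    return name

def audit_extensions(profile_dir, watch_names=WATCH_NAMES):
    """Return one record per extension version found under the profile."""
    records = []
    for mf in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        name = _display_name(mf.parent, manifest)
        records.append({"id": mf.parent.parent.name, "name": name,
                        "version": manifest.get("version", ""),
                        "flagged": name.strip().lower() in watch_names})
    return records

def build_constructed_profile(root):
    """Write a constructed sample profile (not real data) for offline runs."""
    samples = {
        "a" * 32: ({"name": "__MSG_appName__", "version": "1.0", "default_locale": "en"},
                   {"appName": {"message": "Nigelify"}}),
        "b" * 32: ({"name": "Sample Notes", "version": "2.3"}, None),
    }
    for ext_id, (manifest, messages) in samples.items():
        ext_dir = Path(root) / "Extensions" / ext_id / "1.0_0"
        (ext_dir / "_locales" / "en").mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        if messages:
            (ext_dir / "_locales" / "en" / "messages.json").write_text(json.dumps(messages), encoding="utf-8")
    return Path(root)
```

To check a real machine, pass audit_extensions() the path of a Chrome profile directory, for example ~/.config/google-chrome/Default on Linux; the location differs per operating system.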
Protecting Your Device from the Nigelthorn Malware Campaign
The Nigelthorn campaign is not limited to a single operating system, because the people mainly vulnerable to it are users of Google Chrome, a Web browser with a presence across various platforms. Devices infected with malware associated with Nigelthorn have been observed on several operating systems, ranging from Microsoft Windows to Linux and Android. Because of Nigelthorn's distribution, it is very important that computer users learn to tell legitimate Web browser applications from fraudulent ones and avoid clicking on spam links and other suspicious online content.