written by
Zack Calloway

The Cloud9 “Browser Extension” Is Dangerous: What to Do

Why you will not be fine on this Cloud9

There’s a new online security threat circulating right now. It’s a pretty bad one, so you’ll want to make sure you and your team haven’t fallen victim to it yet — and that you don’t unknowingly do so in the future.

Here’s everything you need to know about the Cloud9 threat.

What Is Cloud9?

Cloud9 is the name of a malicious browser extension that affects Google Chrome and Microsoft Edge (two of the most popular web browsers out there, and almost certainly what you’re using if you’re on a PC).

What’s a Browser Extension, Again?

Browser extensions are usually harmless and can be incredibly helpful: they let you do more with your web browser, like interact with your Google Calendar or run a grammar checker like Grammarly on any text you’re typing into a browser. Some password managers run as browser extensions, too, and we’ve told you before how much we love password managers.

The problem with browser extensions is that anyone can make one. And they aren’t subject to the kinds of rigorous review protocols that it takes to get into the App Store or Steam or other vetted software portals.

So, while you hopefully aren’t going to run into a malicious browser extension directly on Google’s directory of extensions, you might encounter one out on the broader internet — and have no idea you ever installed it.

How Cloud9 Infects Your Computer

To get installed into your browser, Cloud9 has to find a way to get you to click “OK” or “Install.” It can’t just install itself.

Of course, if you saw an ad that said “Do you want to install something that will mess up your device and threaten your business?” you’d say no! But the criminals behind Cloud9 aren’t so forthcoming.

The latest scheme for spreading Cloud9 looks like a run-of-the-mill software update. You’re browsing the web, and suddenly something pops up and says you need to update Adobe Flash. That sounds legit, so you click “OK” — and boom, you’re infected with Cloud9.

In reality, Flash got discontinued several years ago. There are no more updates to install, and only old, outdated websites use Flash anymore.

That pop-up was a scam, and if you clicked “OK” or “Update”, you gave Cloud9 permission to install itself on your device.

What Cloud9 Does

Cloud9 is a browser extension that creates something called a botnet. On its own, a single infected computer can’t do a ton of harm. But the botnet connects together a group of infected devices, stealing just a little processing power from each one. The botnet is controlled centrally as if it’s a single system, and attackers can use it to steal data, send out spam or additional scammy email campaigns, or launch something called a distributed denial of service (DDoS) attack (where the botnet targets a website or service and drowns it in fake traffic so that legitimate users can’t get through).

Maybe worst of all, Cloud9 can function as a keylogger. That means it captures every key input, every time you press a key on your keyboard. Anything you type — passwords, sensitive communications, anything — can be stolen this way.

Protect Yourself Against Cloud9

So, what can you do about this threat?

First, don’t click internet pop-ups, period. If an app legitimately needs an update, launch the app manually, and it will tell you to update from within the app.

Second, get your security software and your browser(s) updated to the latest version. This exploit was only recently discovered, so future updates should block the malicious code from functioning.

Third, turn on Enhanced Protection in your browser settings, and you’ll get automatic warnings if you veer onto a known risky website.

Last, make sure you’re using high-quality cybersecurity protection software and that your policies and governance are set up to keep you protected.
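
One way to check a machine for an already-installed extension of this kind is to audit the extension manifests in each Chrome or Edge profile. The script below is an added example, not part of the original article or any vendor tool; it flags extensions whose manifest lacks an official store update URL or that run script on every site. The store-URL check is a heuristic that assumes store-distributed extensions carry the store's `update_url`, and the IDs, names and manifests in `demo()` are constructed.

```python
import json
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# Hosts the official stores write into "update_url" of manifests they distribute.
STORE_HOSTS = {"clients2.google.com", "edge.microsoft.com"}
# Match patterns that let a content script run on every page the user opens.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest: dict) -> list[str]:
    """Return the reasons (possibly none) this extension deserves a manual look."""
    reasons = []
    host = urlsplit(manifest.get("update_url", "")).hostname
    if host not in STORE_HOSTS:  # exact host match, so look-alike domains fail
        reasons.append("not distributed by the Chrome or Edge store")
    scripts = manifest.get("content_scripts", [])
    if ALL_SITES & {m for s in scripts for m in s.get("matches", [])}:
        reasons.append("runs script on every site, so it could read keystrokes")
    return reasons


def audit_profile(extensions_dir: Path) -> dict[str, list[str]]:
    """Scan <profile>/Extensions/<id>/<version>/manifest.json under extensions_dir."""
    findings = {}
    for path in sorted(extensions_dir.glob("*/*/manifest.json")):
        reasons = audit_manifest(json.loads(path.read_text(encoding="utf-8")))
        if reasons:
            findings[path.parent.parent.name] = reasons
    return findings


def demo() -> dict[str, list[str]]:
    """Audit a constructed profile: one store extension, one sideloaded fake."""
    samples = {  # constructed IDs and manifests, not real extensions
        "storeextensionid": {"name": "Calendar helper", "content_scripts": [
            {"matches": ["https://calendar.example/*"], "js": ["c.js"]}],
            "update_url": "https://clients2.google.com/service/update2/crx"},
        "sideloadedextid": {"name": "Flash Player", "content_scripts": [
            {"matches": ["<all_urls>"], "js": ["content.js"]}]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, manifest in samples.items():
            target = Path(tmp) / ext_id / "1.0_0"
            target.mkdir(parents=True)
            (target / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return audit_profile(Path(tmp))
```

Point `audit_profile()` at a profile's `Extensions` folder; extensions loaded unpacked from another folder are not stored there, so pass their manifest to `audit_manifest()` directly. A legitimate grammar checker or password manager will also trigger the every-site reason, so it is both reasons together on an extension you don't recognise that warrants removal and investigation.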

We’re happy to help you with all of this, of course — reach out today to discuss your needs.
