The article discusses the investigation of a malicious Chrome extension named FakeGPT on LetsDefend.io, detailing the event's severity, date, and related information.
The investigation covers areas such as file hash reputation check, suspicious processes analysis, network connections, browser history review, and log entries examination for possible Command and Control (C2) communication.
The file hash was not flagged by antivirus vendors but had a negative community score, indicating potential malicious activity.
Suspicious processes such as chrome.exe and OpenWith.exe were analyzed, including their legitimacy and execution paths.
Network actions revealed communication with several IPs, including EC2 instances in Singapore that were flagged for potential scam activities.
Browser history showed the user downloading the extension, ignoring warnings, and accessing legitimate sites like OpenAI.
Log investigations indicated outbound connections to potentially malicious hosts and IP addresses, with some flagged by antivirus vendors.
Containment actions were taken swiftly once communication with the C2 infrastructure was confirmed.
Indicators of Compromise (IoCs) such as SHA-256 hash, malicious IPs, domains, and URLs were identified, leading to recommendations for removal, re-imaging, and security enhancements.
The investigation showcased the detection and response process for a malicious Chrome extension event, emphasizing proactive security measures to mitigate such risks.