
js.wd


The threat actor of this family compromised Chrome extension developer accounts and attached malicious code to the extensions. Web Developer 0.4.9, Chrometana 1.1.3, Infinity New Tab 3.12.3, CopyFish 2.8.5, Web Paint 1.2.1, and Social Fixer 20.1.1 were affected by this. TouchVPN and BetterVPN were assumed to be targets as well.

This led to the execution of another JavaScript that replaces ad banners with the actor's own, effectively hijacking ad traffic. It is also reported that fake pop-up alerts were used to lure victims into downloading possibly other malware.

References
2017-08-14, Proofpoint, Kafeine: Threat actor goes on a Chrome extension hijacking spree

There is no Yara-Signature yet.