Malicious NexShield Browser Extension Crashes PCs and Installs Malware in New Scam
WASHINGTON, D.C. — A new cybersecurity threat has emerged targeting users of Google Chrome and Microsoft Edge browsers through a deceptive extension called NexShield. Marketed falsely as a fast and privacy-friendly ad blocker, NexShield exploits users’ trust by deliberately crashing browsers and coercing them into installing malware under the guise of a security fix.
Security researchers at Huntress recently uncovered the scheme, revealing that NexShield masquerades as a legitimate extension purportedly created by Raymond Hill, the real developer behind the widely trusted uBlock Origin. This fraudulent claim helped NexShield gain traction via online advertisements and search engine results before it was removed from the Chrome Web Store.
Once installed, NexShield aggressively consumes system resources by opening endless internal browser connections, causing tabs to freeze, CPU usage to spike, and RAM to fill rapidly until the browser hangs or crashes completely. This tactic effectively disables the browser, leaving users vulnerable and frustrated.
After a forced restart, users encounter alarming pop-up warnings falsely claiming that their system is compromised with serious security issues. The extension then instructs users to open the Windows Command Prompt and paste a pre-copied command, which, if executed, installs malicious software on the victim’s computer. This social engineering technique leverages fear and urgency to bypass cautious behavior.
Cybersecurity experts warn that this scam represents a significant threat to personal and organizational security. The Cybersecurity and Infrastructure Security Agency (CISA) advises users to avoid installing browser extensions from unverified sources and to scrutinize permissions requested by any extension.
Google and Microsoft have taken steps to remove NexShield from their respective extension stores, but experts emphasize that the extension may still be circulating through third-party sites or malicious advertisements. Users are urged to review their installed extensions and immediately uninstall any suspicious or unfamiliar add-ons.
The Federal Trade Commission (FTC) recommends that users keep their browsers and operating systems up to date to mitigate vulnerabilities and use reputable antivirus software to detect and remove malware infections.
This incident highlights the ongoing challenges in combating browser-based threats that combine technical exploits with psychological manipulation. The Federal Bureau of Investigation (FBI) continues to investigate such cybercrimes and encourages victims to report suspicious activity through their Internet Crime Complaint Center (IC3).
As browser extensions become increasingly popular tools for enhancing user experience, experts stress the importance of vigilance. Users should verify the authenticity of extensions by checking developer credentials, reading reviews, and consulting official sources before installation.
For additional guidance on protecting against browser extension scams and other cyber threats, the United States Computer Emergency Readiness Team (US-CERT) provides comprehensive resources and alerts.
In an era where digital security is paramount, the NexShield scam serves as a stark reminder that not all software promising convenience is safe. Users must remain cautious and informed to safeguard their devices and personal information from evolving cyber threats.
Leave a Reply