We have seen this threat create the Chrome browser extension "Pointer on inner viewed links coordinates", version 2.4, in %TEMP%\GCC\Profile\Default\Extensions\<random letters>\2.4_0.
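The folder layout and extension name given above can be checked on an endpoint with a short script. This is an added example, not code from the original page or from Microsoft; it assumes the standard Chrome layout with a manifest.json inside the version folder, that the random folder name is purely alphabetic, and that the manifest carries the name literally.

```python
import json
import os
import tempfile
from pathlib import Path

# Indicators taken from the description above.
EXT_NAME = "Pointer on inner viewed links coordinates"
EXT_VERSION = "2.4"
REL_ROOT = Path("GCC") / "Profile" / "Default" / "Extensions"


def find_dropped_extension(temp_root):
    """Report every <temp_root>/GCC/Profile/Default/Extensions/<letters>/2.4_0 folder."""
    findings = []
    ext_root = Path(temp_root) / REL_ROOT
    if not ext_root.is_dir():
        return findings
    for ext_dir in sorted(ext_root.iterdir()):
        version_dir = ext_dir / (EXT_VERSION + "_0")
        # Assumption: "<random letters>" means a purely alphabetic folder name.
        if not (ext_dir.name.isalpha() and version_dir.is_dir()):
            continue
        finding = {"path": str(version_dir), "name": None, "name_match": False}
        try:
            # Assumption: standard Chrome layout, manifest.json inside the version folder.
            text = (version_dir / "manifest.json").read_text(encoding="utf-8-sig")
            data = json.loads(text)
            if isinstance(data, dict) and isinstance(data.get("name"), str):
                finding["name"] = data["name"]
                finding["name_match"] = data["name"].strip().lower() == EXT_NAME.lower()
        except (OSError, ValueError):
            pass  # missing or unreadable manifest: the path match is still reported
        findings.append(finding)
    return findings


if __name__ == "__main__":
    # %TEMP% of the current user; run once per user profile on a shared machine.
    root = os.environ.get("TEMP") or tempfile.gettempdir()
    for hit in find_dropped_extension(root):
        print(hit)
```

A path match with name_match set to False still deserves review, since a manifest can hold a localized placeholder instead of the literal name.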
Payload
Uses your PC for click fraud
This threat creates Chrome browser extensions that can use your PC for click fraud.
It can also monitor your browsing activities, such as tracking the websites you visit, counting clicks, and logging responses for each website.
This malicious activity can severely impact the speed of your Internet connection as well as lead to excessive data usage charges from your Internet service provider.