Cybersecurity Researchers Uncover Ongoing KongTuke Campaign Using Fake Chrome Ad-Blocker Extension

Cybersecurity researchers have uncovered an ongoing campaign named KongTuke, which employs a malicious Chrome extension disguised as an ad-blocker. The extension intentionally crashes the browser to trick victims into executing arbitrary commands through tactics similar to ClickFix, ultimately deploying ModeloRAT, a previously undocumented remote access trojan (RAT). This attack represents an evolution of ClickFix techniques. No specific date or geographic targets have been mentioned. The extension exploits legitimate Chrome features to bypass security mechanisms. ModeloRAT enables remote control of infected systems.