New 'CrashFix' Scam Intentionally Crashes Browsers to Deliver Malware

Uncover the "CrashFix" scam: a malicious Chrome extension crashes browsers, leading to fake security fixes and malware threats.

By Content Team

Jan 21, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Cybercriminals are using a sophisticated new attack called "CrashFix" that deliberately crashes victims' browsers before offering a fake solution. The scam starts with a malicious Chrome extension called NexShield, disguised as the popular uBlock Origin Lite ad blocker.

Once installed, the extension waits an hour then floods the browser with connection requests, causing it to crash. When users try to restart, they see a fake security warning instructing them to run a "repair" command that's actually malware.

Huntress Labs discovered corporate networks receive ModeloRAT, a sophisticated backdoor, while home users get test payloads. The threat actor "KongTuke" clearly prioritizes business targets over individual users.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Adobe Rushes Emergency Patch for Acrobat Reader Zero-Day Under Active Attack

Apr 13, 2026

FortiGate Firewalls Under Automated Attack Since January 15

Jan 26, 2026

Hasbro Hit by Cyberattack, Potentially Delaying Peppa Pig and Transformers Deliveries

Apr 2, 2026

Hackers Target Zero-Day Flaw in Old D-Link Routers No Longer Getting Updates

Jan 8, 2026