Google Removes 500 Malicious Chrome Extensions

A grueling investigation conducted past security researcher Jamila Kaya and Cisco's Duo Security team has exposed over 500 malicious Chrome browser extensions. Google has now removed the malicious extensions from the Chrome Web Store.

These extensions ran malicious ads and uploaded individual browsing data to servers without user consent. The researchers plant that the malicious actors had been operating for at least 2 years and affected almost one.7 one thousand thousand users.

Kaya made use of Duo's free automated Chrome extension security assessment tool CRXcavator for the initial findings. The researcher later collaborated with other researchers at Duo for finding more bear witness.

"The Chrome extension creators had specifically made extensions that obfuscated the underlying advertizing functionality from users," wrote the researchers in a weblog post. "This was done in society to connect the browser clients to a control and command architecture, exfiltrate private browsing information without the user's knowledge, expose the user to take chances of exploit through advertizement streams, and attempt to evade the Chrome Spider web Store'southward fraud detection mechanisms."

For those wondering how these attackers managed to snoop on your browsing data, they relied primarily on plugins that'd redirected users to malicious websites. The researchers point out that the plugins had the same name as the harmful website.

For instance, the researchers found similar source code on two plugins namely Mapstrek and Arcadeyum among others. The malicious websites linked to the plugins were Mapstrek<dot>com and Arcadeyum<dot>com. These websites were hosted on AWS.

To stay prophylactic from similar malicious extensions, the researchers recommend keeping rail and regularly checking upward on the extensions installed on your browser and removing the suspicious ones, if any.