Independent security researcher Jamila Kaya, with the help of CRXcavator, discovered multiple malicious Chrome extensions that managed to evade Google’s security detection while pulling out data.
Upon receiving the report, Google removed the malicious extensions from the Chrome Store and also blocked the extensions on users’ browsers. Initially, the researchers found 70 such extensions, a number that rose to 500 when Google scanned the Chrome Store.
The functionality of the attacks
These extensions relied on a technique called malvertising, which helped them hide malicious commands behind seemingly legitimate cookies and advertisements. According to the researchers, this technique is still a menace to online security and is on the rise again despite having been detected multiple times.
These malicious ads redirect users to specific sites, sometimes to legitimate ones such as Macy’s, Dell, or Best Buy, and other times to malicious download links and hacks.
Believed to be operating since 2010
According to Jamila Kaya, these extensions had no contact information or support and are believed to have been operating since 2010. Furthermore, these plugins have no ratings and share similar source code, differing only in function names, which helps them avoid detection.
These plugins require extensive permissions before they can be installed, which enables them to gather vast amounts of data via the browser.
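The clone trait described above (near-identical source that differs only in function names) can be turned into a detection check. The following is an added example, not code from the researchers or from CRXcavator: it renames every declared function to a positional placeholder before hashing, so renamed copies collapse to the same fingerprint. The extension ids and sources in `SAMPLES` are constructed, and the regex-based declaration matching is a simplifying assumption (a real scanner would use a JavaScript parser).

```python
import hashlib
import re
from collections import defaultdict

# Declarations covered: `function name(`, and `const|let|var name = function` / arrow.
DECL = re.compile(
    r"\bfunction\s+([A-Za-z_$][\w$]*)\s*\("
    r"|\b(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*"
    r"(?:async\s+)?(?:function\b|\([^)]*\)\s*=>)"
)

def normalise(source):
    """Rename declared functions to F0, F1, ... in declaration order."""
    names = []
    for m in DECL.finditer(source):
        name = m.group(1) or m.group(2)
        if name not in names:
            names.append(name)
    if names:
        mapping = {n: f"F{i}" for i, n in enumerate(names)}
        # Single pass, so a placeholder is never renamed a second time.
        whole_word = re.compile(
            r"(?<![\w$])(?:" + "|".join(map(re.escape, names)) + r")(?![\w$])"
        )
        source = whole_word.sub(lambda m: mapping[m.group(0)], source)
    return re.sub(r"\s+", " ", source).strip()

def fingerprint(source):
    return hashlib.sha256(normalise(source).encode("utf-8")).hexdigest()

def cluster(extensions):
    """Return groups of extension ids whose normalised source is identical."""
    groups = defaultdict(list)
    for ext_id, src in extensions.items():
        groups[fingerprint(src)].append(ext_id)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample sources: ext-a and ext-b differ only in function names.
SAMPLES = {
    "ext-a": "function loadPromo(u){ return fetch(u).then(r => r.json()); }\n"
             "function start(){ loadPromo('https://example.invalid/cfg'); }\nstart();",
    "ext-b": "function getDeals(u){ return fetch(u).then(r => r.json()); }\n"
             "function init(){ getDeals('https://example.invalid/cfg'); }\ninit();",
    "ext-c": "const run = () => { document.title = 'notes'; };\nrun();",
}

if __name__ == "__main__":
    for group in cluster(SAMPLES):
        print("same code, different function names:", ", ".join(group))
```

A byte-for-byte hash of the two cloned samples would differ, which is why the renaming step has to come before hashing.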
Users should download the extensions only after researching extensively. They should also take a look at the ratings and read the comments. Moreover, users must exercise caution while giving permission to any third-party extensions.
“We appreciate the work of the research community, and when we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” said a Google spokesperson. “We do regular sweeps to find extensions using similar techniques, code, and behaviours, and take down those extensions if they violate our policies.”