500 Malicious Extensions Removed From Chrome That Previously Barraged Users With Ads

Google Web Store had hundreds of malicious Chrome extensions that used to barrage users with advertisements. Google has now removed 500 such extensions.

Malicious Chrome Extensions Throwing Ads

Reportedly, security researcher Jamila Kaya, with Cisco’s Duo Security, found a flurry of malicious Chrome extensions on Google Web Store. Kaya discovered that the extensions copied other legit add-ons to fool users and execute malicious activity.

The researcher discovered these extensions by using the Duo Labs tool for analyzing Chrome extensions, CRXcavator. As revealed in a blog post, Kaya and Duo found dozens of browser extensions on the Chrome Store that barraged users with ads.

While these extensions posed like a legit-working add-on, they also injected scripts to users’ browsing sessions, redirecting them to other sites. Though, some of these redirections went to legit websites, such as BestBuy, Dell, or Macy’s, most redirections linked to malicious websites.

These extensions, together, affected over 1.7 million users.

Technical details about this study and the list of the said extensions are available in Duo Labs’ post.

Google Removed The Extensions

At first, Kaya found a few dozens of such extensions that seemingly belonged to the same network. Later, Kaya and Duo reached out to Google informing them of the malicious add-ons.

Consequently, Google began investigating the matter and unveiled 500 such malicious extensions. Eventually, the tech giant removed all the extensions from the Web Store. As per their statement,

We appreciate the work of the research community, and when we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses. We do regular sweeps to find extensions using similar techniques, code, and behaviors and take down those extensions if they violate our policies.

Though, the malicious extensions linked in this campaign no more exist on the Web Store. Yet, the researchers still advise the users to stay vigilant while using browser add-ons.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients