Google Web Store had hundreds of malicious Chrome extensions that used to barrage users with advertisements. Google has now removed 500 such extensions.
Malicious Chrome Extensions Throwing Ads
Reportedly, security researcher Jamila Kaya, with Cisco’s Duo Security, found a flurry of malicious Chrome extensions on Google Web Store. Kaya discovered that the extensions copied other legit add-ons to fool users and execute malicious activity.
The researcher discovered these extensions by using the Duo Labs tool for analyzing Chrome extensions, CRXcavator. As revealed in a blog post, Kaya and Duo found dozens of browser extensions on the Chrome Store that barraged users with ads.
While these extensions posed like a legit-working add-on, they also injected scripts to users’ browsing sessions, redirecting them to other sites. Though, some of these redirections went to legit websites, such as BestBuy, Dell, or Macy’s, most redirections linked to malicious websites.
These extensions, together, affected over 1.7 million users.
Technical details about this study and the list of the said extensions are available in Duo Labs’ post.
Google Removed The Extensions
At first, Kaya found a few dozens of such extensions that seemingly belonged to the same network. Later, Kaya and Duo reached out to Google informing them of the malicious add-ons.
Consequently, Google began investigating the matter and unveiled 500 such malicious extensions. Eventually, the tech giant removed all the extensions from the Web Store. As per their statement,
We appreciate the work of the research community, and when we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses. We do regular sweeps to find extensions using similar techniques, code, and behaviors and take down those extensions if they violate our policies.
Though, the malicious extensions linked in this campaign no more exist on the Web Store. Yet, the researchers still advise the users to stay vigilant while using browser add-ons.
Let us know your thoughts in the comments.