Posted in Privacy and Security on February 13, 2020

Google removes 500+ malicious Chrome extensions from the Web Store

Posted By Matthew.England

A network of malicious Chrome extensions was injecting malicious ads in millions of Chrome installs.

Google has removed more than 500 malicious Chrome extensions from its official Web Store following a two-month-long investigation conducted by security researcher Jamila Kaya and Cisco’s Duo Security team.

The removed extensions operated by injecting malicious ads (malvertising) inside users’ browsing sessions.

The malicious code injected by the extensions activated under certain conditions and redirected users to specific sites. In some cases, the destination would be an affiliate link on legitimate sites like Macys, Dell, or BestBuy; but in other instances, the destination link would be something malicious, such as a malware download site or a phishing page.

According to a report published today and shared with ZDNet, the extensions were part of a larger malware operation that’s been active for at least two years.

The research team also believes the group who orchestrated this operation might have been active since the early 2010s.

MILLIONS OF USERS BELIEVED TO BE IMPACTED

Responsible for unearthing this operation is Kaya. The researcher told ZDNet in an interview that she discovered the malicious extensions during routine threat hunting when she noticed visits to malicious sites that had a common URL pattern.

Using CRXcavator, a service for analyzing Chrome extensions, Kaya discovered an initial cluster of extensions that ran on top of a nearly identical codebase but used various generic names, with little information about their true purpose.

“Individually, I identified more than a dozen extensions that shared a pattern,” Kaya told us. “Upon contacting Duo, we were able to quickly fingerprint them using CRXcavator’s database and discover the entire network.”

According to Duo, this first series of extensions had a total install count of more than 1.7 million Chrome users.

“We subsequently reached out to Google with our findings, who were receptive and collaborative in eliminating the extensions,” Kaya told ZDNet.

After its own investigation, Google found even more extensions that fit the same pattern and banned more than 500 extensions in total. It is unclear how many users had installed the 500+ malicious extensions, but the number is more than likely to be in the millions.

EXTENSIONS DISABLED IN USERS’ CHROME INSTALLS

Networks of malicious Chrome extensions have been unearthed in the past. Typically, these extensions inject legitimate ads inside a user’s browsing session, with the extension operators earning revenue from showing ads. In all cases, the extensions try to be as non-intrusive as possible, so as not to alert users to a possible infection.

What stood out about this scheme was the use of “redirects” that often hijacked users away from their intended web destinations in a very noisy and abrasive manner that was hard to ignore or go unnoticed.

However, in the current state of the internet, where many websites use similar advertising schemes with aggressive ads and redirects, many users didn’t even bat an eye.

“While the redirects were incredibly noisy from the network side, no interviewed users reported too obtrusive of redirects,” Kaya told ZDNet.

A list of the extension IDs that were part of this scheme is included in the Duo report. When Google banned the extensions from the official Web Store, it also deactivated them inside every user’s browser, while also marking each extension as “malicious” so users would know to remove it and not reactivate it.
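
For teams that want to check their own machines against a published ID list such as the one in the Duo report, the following is an added example and not code from the article, Duo, or Google. It assumes the list is saved as text with one extension ID per line, and that the Chrome profile uses the usual `Extensions/<id>/<version>/manifest.json` layout; the IDs in the demo are constructed placeholders, not real indicators.

```python
import json
import re
import tempfile
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID_RE = re.compile(r"^[a-p]{32}$")

def load_blocklist(text):
    """Parse one ID per line (assumed format); skip comments and malformed entries."""
    ids = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if EXT_ID_RE.match(line):
            ids.add(line)
    return ids

def installed_extensions(profile_dir):
    """Yield (ext_id, version_dir, name) for each extension version in a Chrome profile."""
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return
    for id_dir in sorted(ext_root.iterdir()):
        if not (id_dir.is_dir() and EXT_ID_RE.match(id_dir.name)):
            continue
        for ver_dir in sorted(p for p in id_dir.iterdir() if p.is_dir()):
            try:
                raw = (ver_dir / "manifest.json").read_text(encoding="utf-8-sig")
                # The name may be a localisation placeholder such as __MSG_appName__.
                name = json.loads(raw).get("name", "?")
            except (OSError, ValueError, AttributeError):
                name = "<unreadable manifest>"  # still report the ID itself
            yield id_dir.name, ver_dir.name, name

def audit_profile(profile_dir, blocklist):
    """Return installed extensions whose ID appears in the blocklist."""
    return [e for e in installed_extensions(profile_dir) if e[0] in blocklist]

def demo():
    """Build a throwaway profile with constructed IDs and audit it."""
    listed, unlisted = "a" * 32, "b" * 32  # constructed placeholder IDs
    samples = [(listed, "Constructed Sample Extension"), (unlisted, "Unlisted Sample")]
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, name in samples:
            ver = Path(tmp) / "Extensions" / ext_id / "1.0_0"
            ver.mkdir(parents=True)
            (ver / "manifest.json").write_text(json.dumps({"name": name}))
        return audit_profile(tmp, load_blocklist("# constructed list\n" + listed + "\n"))

if __name__ == "__main__":
    print(demo())
```

Point `audit_profile` at each real profile directory (for example `Default` or `Profile 1` under the Chrome user data directory) to audit an actual install.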

Credits: Catalin Cimpanu

Source: https://www.zdnet.com/article/google-removes-500-malicious-chrome-extensions-from-the-web-store/
