Malicious extensions to the Chrome Web Store

A report by security company Radware shows that its users Chrome were exposed to yet another wave of malicious extensions offered to them by the official Chrome Web Store.

Η Radware company reports that these extensions were used to execute "credential theft, encryption, click fraud and more". According to Radware analysis, the malware they discovered was active at least as of March 2018. It has infected more than 100.000 user devices in more than 100 countries and has installed at least seven other different Chrome extensions with malicious content, using following attack method:

1. Attackers use Facebook advertising to reach potential victims.
2. Users are redirected to fake YouTube pages.
3. A question appears asking them to install a Chrome extension to play the video.
4. Clicking on “add extension” installs the extension and makes the user part of one .
5. Malicious JavaScript is executed during installation, which installs additional code from one of commands.

The extensions used by the attackers were copies of various popular extensions of Chrome, with a similar name, but which contained additional malicious code within them. According to of the Radware company, the following extensions (not the same but copies of them) have been identified as malicious:

Nigelify
PwnerLike
Alt-j
Fixed-case
Divinity 2 Original Sin: Wiki Skill Popup
keeprivate
iHabno

In the photo above the left extension is the normal one and the right one is the malicious one.

You can check the company website for extension IDs as well as other information. Google has already removed all of these copy-extensions.

Considering that the attackers have been operating the extensions since March 2018, it is clear - again - that Google's protection system is not working properly.

Chrome users should verify any extensions they are interested in before deciding to click the install button. One rule of thumb is that you should never install extensions that ask you to do this outside of the Chrome Web Store, but because as you can see there are malicious extensions hosted on the Store, this rule is not a panacea.

The main problem is that the majority of users can not check whether a Chrome extension is legal or not, as to be absolutely sure you need to analyze its code.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.083 registrants.

2018botnetCASE​extensionI'm sure

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).