Late last week, Google confirmed removing 34 malicious extensions from its Chrome Web Store. The extensions were capable of injecting ads into pages and exfiltrating sensitive data from compromised endpoints. In total, the extensions were downloaded more than 75 million times.
As reported by BleepingComputer, the malware was first spotted by cybersecurity researcher Wladimir Palant who, after analyzing the PDF Toolbox extension, discovered that it included a hidden code.
This allowed a domain called serasearchtop[.]com to inject arbitrary JavaScript code into any website that the user visits. The code would activate 24 hours after the extension was installed – typical malware behavior, the publication said.
Millions of users
Palant quickly discovered more malicious extensions, bringing the number up to 18. At first, he wasn’t able to determine any malicious activity, although the speculation was that the extensions injected ads into websites.
Soon after that, cybersecurity researchers from Avast chimed in, expanding the list to 32 entries in total. Some of the most popular extensions include Autoskip for YouTube which has 9 million active users, Soundboost with 6.9 million, and Crystal Ad block with 6.8 million.
The full list of the malicious extensions can be found on here. Palant says 34 extensions in total were found to be malicious. User reviews on the Web Store suggest that the extensions were redirecting users to different websites, hijacking search results, and displaying unwanted ads.
Google has responded to inquiries on the matter, claiming the reported extensions were removed from the store.
“The Chrome Web Store has policies in place to keep users safe that all developers must adhere to,” the Google representative told BleepingComputer.
While the extensions have been removed from the store, users are still vulnerable until they remove them from their endpoints manually, so if you have any, make sure to remove them as soon as possible.
Via: BleepingComputer
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba