Google Chrome is the world’s most popular web browser and, with so many people using it, it’s an obvious target for cyber criminals looking to cash in on its success. And the latest threat is pretty worrying as it could have impacted more than 80 million users worldwide.
According to the team AdGuard, via ZDNet, it appears that a number of Chrome extensions found on the official Chrome Store could end up hijacking the browser and bombarding users with adverts when searching the web in Google or Microsoft’s Bing.
Some extensions are also capable of “cookie stuffing” which can allow hackers to get paid a commission when a user buys something online.
The discovery was made after AdGuard was investigating a number of fake ad-blocking extensions.
Total of 295 extensions were unearthed in this attack which includes fake ad blockers as well as weather widgets and extensions claiming to offer screenshot capture utilities.
The main threat (245 of the 295) appears to come from simple extensions that can apply custom backgrounds when a user launches a new tab.
In a detailed document shared with ZDNet, AdGuard revealed that all extensions loaded malicious code from the fly-analytics.com domain, and then proceeded to quietly inject ads inside Google and Bing search results.
Many of the applications are still available on the Chrome Store despite ADGuard highlighting the threat and Google recently launching a way to stop these kinds of attacks.
Explaining more, ADGuards’s Andrey Meshkov, said: “Last year Google included Chrome extensions into their bug bounty program. Sounds like a good way to get to the right people in Google so that’s exactly what I did this time. My report on extensions from the first group was accepted, and some investigation has been started. Also, it appears that extensions from the second group were reported earlier.
However, three weeks have already passed since then. Most of these extensions are still available in CWS and there are more and more users installing them.”
It does now appear that some of the extensions have started to be removed but Chrome users should still be on high alert when adding extras to their browser.
Speaking about the threat Jake Moore, Cybersecurity Specialist at ESET, said: “Browser extensions can be extremely useful and come with thousands of benefits – but you should remain cautious when you download anything to your device.
“Being vigilant about extensions usually means reading the reviews and checking how many downloads there have been. But in many cases this still isn’t enough, as many browser extensions are free and quickly gain lots of traction before they are reviewed and it’s too late.
“There are, however, ways to be more careful when downloading third party extensions. Many rogue extensions will ask for permissions to be granted for access to your data or other information on your machine, which I recommend you do not allow. Google can’t ever guarantee 100% security on all of its third party add-ons, so you must be careful and reduce excess access to your machine and your data.”
ADGuard has also release some advice on how to stay safe and it’s worth taking note of these top tips.
How to protect yourself?
• Generally speaking, the rules of ‘personal hygiene’ in Chrome Store haven’t changed since the last time I addressed this problem.
• If you’re going to install a browser extension, think again. Maybe you don’t really need it?
• Install extensions only from the developers you trust.
• Don’t believe what you read in the extension’s description.
• Reading the users’ reviews won’t help as well. Most of the malicious extensions have excellent reviews and yet they are malicious.
• Don’t use the Chrome Web Store internal search, follow the links on the trusted developers’ websites directly.
Source: Read Full Article