Google Removes Over 500 Malicious Chrome Extensions


These extensions ran malicious ads and uploaded private browsing data to servers without user consent. The researchers found that the malicious actors had been operating for at least two years and affected about 1.7 million users.

Kaya made use of Duo’s free automated Chrome extension security assessment tool, CRXcavator, for the initial findings. The researcher later collaborated with other researchers at Duo to find more evidence.

“The Chrome extension creators had specifically made extensions that obfuscated the underlying advertising functionality from users,” wrote the researchers in a blog post. “This was done in order to connect the browser clients to a command and control architecture, exfiltrate private browsing data without the user’s knowledge, expose the user to risk of exploit through advertising streams, and attempt to evade the Chrome Web Store’s fraud detection mechanisms.”

As for how the attackers managed to snoop on browsing data, they relied primarily on plugins that redirected users to malicious websites. The researchers point out that the plugins had the same names as the harmful websites.

For instance, the researchers found similar source code in two plugins, Mapstrek and Arcadeyum, among others. The malicious websites linked to the plugins were Mapstrek[.]com and Arcadeyum[.]com. These websites were hosted on AWS.
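The name-to-domain overlap described above can serve as a triage signal when reviewing extension traffic. The following is an added example, not code from the researchers or from CRXcavator; it assumes you already have (extension id, requested URL) records from browser or proxy telemetry, and all names, ids and hosts in it are constructed. Legitimate extensions also contact same-named domains, so a hit is a lead for review, not a verdict.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data (assumption): extension id -> display name.
EXTENSIONS = {
    "ext-1": "Weather Peek",
    "ext-2": "Tab Tidy",
    "ext-3": "Coupon-Finder Pro",
}
# Constructed sample records (assumption): (extension id, URL it requested).
REQUESTS = [
    ("ext-1", "https://weatherpeek.example/landing?src=ext"),
    ("ext-1", "https://CDN.WeatherPeek.example/ads.js"),
    ("ext-2", "https://api.notes.example/v1/sync"),
    ("ext-3", "https://couponfinderpro.test/redirect"),
    ("ext-3", "https://static.example/logo.png"),
]

def squash(text):
    """Lower-case and keep only letters and digits, so 'Weather Peek' == 'weatherpeek'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def host_labels(url):
    """DNS labels of the URL's host, without the final (TLD) label."""
    host = urlsplit(url).hostname or ""
    return host.split(".")[:-1]

def name_matched_hosts(extensions, requests, min_len=4):
    """Return {extension id: sorted hosts with a label equal to the squashed name}."""
    hits = {}
    for ext_id, url in requests:
        name = squash(extensions.get(ext_id, ""))
        if len(name) < min_len:  # very short names match too many labels
            continue
        if any(squash(label) == name for label in host_labels(url)):
            hits.setdefault(ext_id, set()).add(urlsplit(url).hostname)
    return {ext_id: sorted(hosts) for ext_id, hosts in hits.items()}

if __name__ == "__main__":
    for ext_id, hosts in name_matched_hosts(EXTENSIONS, REQUESTS).items():
        print(ext_id, EXTENSIONS[ext_id], "->", ", ".join(hosts))
```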
