Half a million users affected by malicious Chrome extensions
Researchers from US-based IT security company ICEBRG have uncovered four Chrome extensions containing malicious code that were available through the official Chrome Web Store.
The company revealed in its blog that although these extensions were most likely used to conduct click fraud and/or SEO manipulation, they could also provide cyber criminals with a means to gain access to the corporate network, where they could access proprietary and sensitive data.
The company added that workstations within large corporates around the world were among the approximately 500 000 affected.
ICEBRG said it detected an anomalous spike in outbound network traffic from one of its customer's workstations, which prompted the investigation that led to the discovery of the four malicious extensions. They are: Change HTTP Request Header, Nyoogle - Custom Logo for Google, Lite Bookmarks, and Stickies - Chrome's Post-it Notes.
According to the company, the majority of leading Web browsers enable users to install extensions, and although these can improve the user's overall experience, they also put users at risk due to their ability to inject and execute arbitrary code.
This, together with the ease of installation, the limited understanding of the underlying risks, and inadequate security controls, leaves businesses vulnerable to a serious attack vector, ICEBRG added. "Removal of the malicious extension from the Chrome Web Store may not remove it from impacted hosts. Additionally, the use of third-party Chrome extension repositories may still allow the installation of the extensions," the company added.
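Because a Web Store takedown may leave the extension on hosts, a local audit is the practical check. The sketch below is an added example, not ICEBRG's tooling: it scans a Chrome profile's Extensions directory for the four names listed above, assuming the on-disk layout `<extension id>/<version>/manifest.json` and resolving localized `__MSG_key__` names; the IDs and versions in `demo()` are constructed placeholders.

```python
import json, tempfile
from pathlib import Path
# The four extension names given in the article, lower-cased for matching.
FLAGGED = {"change http request header", "nyoogle - custom logo for google",
           "lite bookmarks", "stickies - chrome's post-it notes"}

def load_json(path):
    """Return the parsed JSON object at path, or {} if unreadable or not an object."""
    try:
        data = json.loads(Path(path).read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def display_name(version_dir, manifest):
    """Resolve the manifest name, following a __MSG_key__ locale placeholder."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()
        locale = str(manifest.get("default_locale", "en"))
        messages = load_json(version_dir / "_locales" / locale / "messages.json")
        for k, v in messages.items():  # message keys are case-insensitive
            if k.lower() == key and isinstance(v, dict):
                return str(v.get("message", name))
    return name

def find_flagged(extensions_dir):
    """Return sorted (extension_id, version, name) tuples for flagged names."""
    found = ((mf.parent, display_name(mf.parent, load_json(mf)))
             for mf in Path(extensions_dir).glob("*/*/manifest.json"))
    return sorted((d.parent.name, d.name, n) for d, n in found
                  if n.strip().lower() in FLAGGED)

def demo():
    """Scan a constructed Extensions tree; IDs and versions are placeholders."""
    with tempfile.TemporaryDirectory() as tmp:
        def put(rel, obj):
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(json.dumps(obj), encoding="utf-8")
        put("id_a/1.0_0/manifest.json", {"name": "Lite Bookmarks"})
        put("id_b/2.1_0/manifest.json", {"name": "__MSG_extName__", "default_locale": "en"})
        put("id_b/2.1_0/_locales/en/messages.json",
            {"extName": {"message": "Stickies - Chrome's Post-it Notes"}})
        put("id_c/3.0_0/manifest.json", {"name": "Example Notes"})
        return find_flagged(tmp)

if __name__ == "__main__":
    print(demo())
```

A name match is a lead for review rather than proof, since the article gives extension names and not extension IDs, and an unrelated extension can carry the same name.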
A security nightmare
According to Simon Campbell-Young, MD of Intact Software Distribution, keeping PCs safe is an onerous task, given the many ways code can execute through plugins, extensions and applications that may seem legitimate, but in reality contain malware.
"Extensions are a security nightmare. If you're not careful, they have the ability to access pretty much everything you do online. This could include capturing login details and passwords, tracking your browsing history, putting malvertising into the pages you access and suchlike. Remember that popular browser extensions can easily be hijacked by a clever threat actor, and turned into malware."