
Half a million users affected by malicious Chrome extensions

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 16 Jan 2018

Researchers from US-based IT security company ICEBRG have uncovered four Chrome extensions containing malicious code that were available through the official Chrome Web Store.

The company revealed in its blog that although these extensions were most likely used to conduct click fraud and/or SEO manipulation, they could also provide cyber criminals with a means to gain access to the corporate network, where they could access proprietary and sensitive data.

The company added that the approximately 500 000 affected users included workstations within large corporates around the world.

ICEBRG said it detected an anomalous spike in outbound network traffic from one of its customer's workstations, which prompted the investigation that led to the discovery of the four malicious extensions. They are: Change HTTP Request Header, Nyoogle - Custom Logo for Google, Lite Bookmarks, and Stickies - Chrome's Post-it Notes.

Risky business


According to the company, most leading Web browsers let users install extensions, and although extensions can improve the user's overall experience, they put users at risk because of their ability to inject and execute arbitrary code.

This, together with the ease of installation, the limited understanding of the underlying risks, and inadequate security controls, leaves businesses vulnerable to a serious attack vector, ICEBRG added. "Removal of the malicious extension from the Chrome Web Store may not remove it from impacted hosts. Additionally, the use of third-party Chrome extension repositories may still allow the installation of the extensions," the company added.
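A host-side check for the point ICEBRG makes above, as an added example that is not part of the original article or of ICEBRG's report: it scans a Chrome profile directory for installed extensions whose manifest name matches one of the four named in this article. It assumes Chrome's standard on-disk layout (`Extensions/<id>/<version>/manifest.json`) and matches by name only, since the article gives no extension IDs; the profile path is supplied by the caller.

```python
import json
from pathlib import Path

# Extension names exactly as listed in the article (no IDs are given there).
REPORTED_NAMES = {
    "change http request header",
    "nyoogle - custom logo for google",
    "lite bookmarks",
    "stickies - chrome's post-it notes",
}


def display_name(version_dir: Path, manifest: dict) -> str:
    """Return the extension's name, resolving a __MSG_key__ placeholder."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[len("__MSG_"):-2].lower()  # message keys are case-insensitive
    locale = manifest.get("default_locale", "en")
    messages_file = version_dir / "_locales" / locale / "messages.json"
    try:
        raw = json.loads(messages_file.read_text(encoding="utf-8-sig"))
        messages = {k.lower(): v for k, v in raw.items()}
        return str(messages[key]["message"])
    except (OSError, ValueError, KeyError, TypeError, AttributeError):
        return name  # unresolved placeholder; report it as-is


def find_reported_extensions(profile_dir):
    """Scan <profile>/Extensions/<id>/<version>/manifest.json for reported names."""
    hits = []
    for manifest_path in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        if not isinstance(manifest, dict):
            continue
        name = display_name(manifest_path.parent, manifest)
        if name.strip().lower() in REPORTED_NAMES:
            ext_id = manifest_path.parent.parent.name
            hits.append((ext_id, manifest.get("version", "?"), name))
    return hits


if __name__ == "__main__":
    import sys
    for ext_id, version, name in find_reported_extensions(sys.argv[1]):
        print(f"{ext_id}\t{version}\t{name}")
```

A name match is a lead to investigate rather than proof, because unrelated extensions can carry the same display name.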

A security nightmare

According to Simon Campbell-Young, MD of Intact Software Distribution, keeping PCs safe is an onerous task, given the many ways code can execute through plugins, extensions and applications that may seem legitimate, but in reality contain malware.

"Extensions are a security nightmare. If you're not careful, they have the ability to access pretty much everything you do online. This could include capturing login details and passwords, tracking your browsing history, putting malvertising into the pages you access and suchlike. Remember that popular browser extensions can easily be hijacked by a clever threat actor, and turned into malware."
