4 Malicious Extensions Found in Chrome Web Store

Heads up, Google Chrome users: Researchers at enterprise security business firm Icebrg recently discovered four malicious extensions in the official Google Chrome Spider web store.

The malicious extensions—named Change HTTP Asking Header, Nyoogle, Lite Bookmarks, and Stickies—have affected more than than one-half a 1000000 Google Chrome users, including workers at major organizations around the world, the researchers wrote in a Monday web log post.

"Although likely used to bear click fraud and/or search engine optimization (SEO) manipulation, these extensions provided a foothold that the threat actors could leverage to proceeds access to corporate networks and user information," they added. Click fraud campaigns "enable a malicious party to earn acquirement past forcing victim systems to visit advertising sites that pay per click," Icebrg wrote.

The windfall from this type of scheme can exist massive. A similar botnet dubbed Chameleon, which had more than than 120,000 host machines, toll advertisers $half-dozen million per month before it was dismantled in 2022. It's unclear how much money the individuals behind this new batch of malicious Chrome extensions racked up from the scheme.

Moreover, malicious actors could use this same capability to "browse internal sites of victim networks, effectively bypassing perimeter controls that are meant to protect internal assets from external parties," Icebrg wrote.

The researchers discovered the malicious extensions while investigating a suspicious fasten in outbound network traffic from a customer'southward workstation. It informed Google and other "relevant parties," including the United States Reckoner Emergency Readiness Team and the National Cyber Security Eye of The netherlands (NCSC-NL).

It appears Google has since removed all 4 malicious extensions from the Chrome Spider web store.

Even so, the researchers warn that the malware may still exist present on impacted machines, fifty-fifty if the extensions are no longer available in the shop. They may too still be available for download via 3rd-party Chrome extension sources.

Google did not immediately respond to PCMag's request for annotate.

The researchers warned that it'south easy for organizations and private users to overlook this threat.

"Coupling an extension market style 'easy install' for users, limited understanding of the underlying risks, and few compensating controls leaves organizations vulnerable to a serious and easily overlooked attack vector," they wrote. "To a motivated threat histrion, this approach presents a range of opportunities, from co-opting enterprise resources for advert click-fraud to leveraging a user'southward workstation every bit a foothold into the enterprise network."

About Angela Moscaritolo

Angela Moscaritolo is PCMag's expert on fitness and smart home products. Teaching yoga for nearly x years has helped her in evaluating a range of connected health products including fitness trackers, eye charge per unit monitors, rowers, smart scales, stationary bikes, strength training machines, treadmills, and more. Angela also tests smart home devices from her ranch in Florida, including air purifiers, kitchen appliances, and robot vacuums, just to proper name a few.

Source: https://sea.pcmag.com/news/19148/4-malicious-extensions-found-in-chrome-web-store

Posted by: parkersookinium.blogspot.com

Share this post