Be careful of these 4 malicious Google Chrome extensions

Be careful of these 4 malicious Google Chrome extensions

Apps Software

oi-Samden Sherpa

The Google Chrome extensions that have been identified by analytics firm ICEBRG are Change HTTP Request Header, Lite Bookmark, Stickies, and Nyoogle.

|

Earlier this month we reported that a popular Google Chrome extension called Archive Poster was reportedly misbehaving and had turned into an in-browser cryptocurrency miner. In a new development, security researchers have now detected four more malicious extensions on the Google Chrome browser. While the extensions have been taken down, they attracted some half-a-million active users.

Be careful of these 4 malicious Google Chrome extensions

The extensions have been identified by analytics firm ICEBRG as Change HTTP Request Header, Lite Bookmark, Stickies, and Nyoogle. ICEBRG said the four were likely employed for a click-fraud scam operation with the clear purpose of generating revenues.

ICEBRG ha notified Google and other stakeholders on the matter. As such, extensions like Change HTTP Request Header, Lite Bookmark, and Stickies have been removed from the Chrome Web Store. Nyoogle is still available to download, but Google has yet to issue a statement on the matter.

If you take the worldwide statics, Google Chrome basically is the most popular global web browser in terms of usage. As a result, the browser is a default favorite for cyber attacks. While the browser is known for its vaunted security features, mainly for its security sandbox and quick deployment of vulnerability patches, cybercriminals seem to always find an ingenious workaround to crack the protective shell put up by Google.

It appears that these criminals are tapping loopholes that exist on the Chrome Web Store to penetrate Google’s security protocols implemented on its web browser. The attackers’ latest weapon, it turned out, is a loaded browser extension.

According to ICEBRG making use of such tactic is quite effective, as malware authors take advantage of the system, which seemingly enjoys robust security, that governs the use of browser extensions found on the Chrome Web Store.

“In this case, the inherent trust of third-party Google extensions, and accepted risk of user control over these extensions allowed an expansive fraud campaign to succeed. In the hands of a sophisticated threat actor, the same tool and technique could have enabled a beachhead into target networks,” the security firm said in its comprehensive report.

Google tango, the augmented technology AR – GIZBOT

Meanwhile, the security firm has warned that the threat implications are high and true for both the average consumers and enterprise users. According to the report, the extensions managed to expose the system of some 500,000 Chrome users.

However, the security firm has also offered a brief description of how the weaponized extension works out. “By design, Chrome’s JavaScript engine evaluates (executes) JavaScript code contained within JSON. Due to security concerns, Chrome prevents the ability to retrieve JSON from an external source by extensions, which must explicitly request its use via the Content Security Policy (CSP),” ICEBRG said.

“When an extension does enable the ‘unsafe-eval’ permission to perform such actions, it may retrieve and process JSON from an externally-controlled server. This creates a scenario in which the extension author could inject and execute arbitrary JavaScript code anytime the update server receives a request.”

With this incident, Google Chrome users should basically keep a safe distance from browser extensions, specifically those coming from third-party providers.

Best Mobiles in India

  • Samsung Galaxy S21 FE 5G

    54,999

  • OPPO Reno7 Pro 5G

    36,599

  • Xiaomi 11T Pro 5G

    39,999

  • Vivo V23 Pro 5G

    38,990

  • Apple iPhone 13 Pro Max

    1,29,900

  • Vivo X70 Pro Plus

    79,990

  • OPPO Reno6 Pro 5G

    38,900

  • Redmi Note 10 Pro Max

    18,999

  • Motorola Moto G60

    19,300

  • Xiaomi Mi 11 Ultra

    69,999

  • Apple iPhone 13

    79,900

  • Samsung Galaxy S22 Ultra

    1,09,999

  • Apple iPhone 13 Pro

    1,19,900

  • Samsung Galaxy A32

    21,999

  • Apple iPhone 13 Pro Max

    1,29,900

  • Samsung Galaxy A12

    12,999

  • OnePlus 9

    44,999

  • Redmi Note 10 Pro

    15,999

  • Redmi 9A

    7,332

  • Vivo S1 Pro

    17,091

  • Motorola Moto G32


    17,041

  • OnePlus Ace Pro


    39,999

  • Oppo K10 Energy


    26,020

  • ZTE nubia Z40S Pro


    40,230

  • Vivo Y30 5G


    18,910

  • Infinix Note 12 Pro 4G


    15,877

  • Honor X40i


    19,206

  • Nokia 2660 Flip


    4,782

  • Nokia 5710 XpressAudio


    7,061

  • Nokia 8210 4G


    6,119

Story first published: Thursday, January 18, 2018, 15:45 [IST]

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *