App Store seemed to be the most haunted by hackers, but this time, they have taken their activities to the Web Store. Google has taken down 32 malicious extensions from the Chrome Web Store due to their potential to alter search results and display spam or unwanted ads. These extensions, which had a combined download count of 75 million, initially appeared to have legitimate functionality but contained obfuscated code that carried out malicious actions. Take time to read this article- Legitimate Android app transforms into data-snooping malware.
Further investigation by Palant revealed the same suspicious code in 18 additional Chrome extensions, including popular ones like Autoskip for Youtube and Soundboost. Despite reporting these extensions to Google, they remained available in the Chrome Web Store.
Avast, a cybersecurity company, later confirmed the malicious nature of these extensions and reported them to Google. In total, 32 extensions were identified, boasting 75 million instals. Avast emphasised that while these extensions may seem harmless, they function as adware, hijacking search results to display sponsored and sometimes malicious links.
Google responded to the reports by stating that the extensions had been removed from the Chrome Web Store and that they take security claims seriously. However, users need to manually remove the extensions from their browsers to eliminate the associated risks. Users should take note that Android malware infiltrates 60 Google Play apps with 100 million instals so as to take appropriate measures as well.
It's important for users to be cautious and proactive in ensuring their browser's security by regularly reviewing installed extensions, using a VPN service, and promptly removing any suspicious or malicious extensions.