card

Malicious Chrome extensions with 75 million instals removed from Web Store

20.06.2023
318

App Store seemed to be the most haunted by hackers, but this time, they have taken their activities to the Web Store. Google has taken down 32 malicious extensions from the Chrome Web Store due to their potential to alter search results and display spam or unwanted ads. These extensions, which had a combined download count of 75 million, initially appeared to have legitimate functionality but contained obfuscated code that carried out malicious actions. Take time to read this article- Legitimate Android app transforms into data-snooping malware.

Cybersecurity researcher Wladimir Palant analysed the PDF Toolbox extension and discovered that it included code disguised as a legitimate extension API wrapper. This code allowed the "serasearchtop[.]com" domain to inject arbitrary JavaScript code into visited websites, posing risks such as ad insertion and data theft. Palant observed no malicious activity but noted the suspicious behaviour of the code activating 24 hours after installation. You need a complete VPN service. Let hide VPN secure your network.

Further investigation by Palant revealed the same suspicious code in 18 additional Chrome extensions, including popular ones like Autoskip for Youtube and Soundboost. Despite reporting these extensions to Google, they remained available in the Chrome Web Store.

Avast, a cybersecurity company, later confirmed the malicious nature of these extensions and reported them to Google. In total, 32 extensions were identified, boasting 75 million instals. Avast emphasised that while these extensions may seem harmless, they function as adware, hijacking search results to display sponsored and sometimes malicious links.

Google responded to the reports by stating that the extensions had been removed from the Chrome Web Store and that they take security claims seriously. However, users need to manually remove the extensions from their browsers to eliminate the associated risks. Users should take note that Android malware infiltrates 60 Google Play apps with 100 million instals so as to take appropriate measures as well.

It's important for users to be cautious and proactive in ensuring their browser's security by regularly reviewing installed extensions, using a VPN service, and promptly removing any suspicious or malicious extensions.