Recently, a set of extensions was discovered that pushed users to malicious sites while injecting unwanted advertising.
There were 500 such extensions. Google then set about removing them from its official online store.
These malicious extensions were discovered by IT security specialist Jamila Kaya and her Duo Security team at Cisco. The investigation that concluded with this discovery lasted more than 2 months.
How does this malware work? According to the specialist, the extensions injected malicious advertising when users opened browsing sessions. Once the conditions for activation had been met, the user was automatically sent to certain websites. In some cases, they were sent to websites such as The Act, Dell or BestBuy; in other cases, if not the majority, they were sent to software download sites. In other words, a classic phishing move.
According to the report of the experts who discovered them, these extensions were not there by chance. They were actually a malware network that formed part of a very large operation that had been running for at least two years. According to the team, the hackers behind it would have been active since 2010.
According to researcher Jamila Kaya, millions of users would have been victims of this large-scale deception. It was following a routine search that she came across the extensions and their illicit activities. "Individually, I identified more than a dozen extensions that shared the same model (…) I contacted Duo, and we were able to quickly identify them through the CRXcavator data and discover the entire network." According to the Duo team, the extensions discovered at the outset had actually affected about 1.7 million people using Google Chrome. "Then we shared our findings with Google, which was receptive and collaborated in the elimination of the extensions," explains Jamila Kaya.
Immediately after the researchers' discoveries, Google also conducted internal investigations, which detected all extensions following the same model. This ended with the banning of 500 malicious extensions in total. However, even if it is not known exactly how many are in circulation, it is very likely that the number could reach millions. The search is therefore ongoing.
It should be noted that this is not the first malicious extension network discovered on Chrome, and there are many more. That is why users are asked to always be vigilant. "The list of affected extensions is included in the Duo report. When Google banned the extensions from the official store, it also disabled them in each user's browser, while marking the extension as 'malicious' so users would know it should be removed, not reactivated," note the experts of the Duo team.