Hackers are using rogue extensions to target victims by engaging in everything from installing adware onto the browser to malvertising attacks, according to security firm Malwarebytes.
Although Google is building several defense and safety mechanisms into the Chrome browser and its ChromeOS platform, cybercriminals are using extensions as a key infiltration method to spread malware, according to the security company.
Malicious actions include data theft, popup ads that redirect to compromised or malicious websites and even spying, all of which is possible due to rogue extensions.
One such example discovered by the security firm shows a malvertising incident that pressed users to install a calculator extension on Chrome called iCalc. Once opened, there was simply no way to close the window or even refuse to install the application. At this point in time, the extension put up dialog boxes and audio messages via popups, showing an aggressive distribution method to spread intrusive disrupters like malware.
The extension had some telltale signs of being malicious beyond its method of aggressively insisting on being installed. For instance, there was no screenshot of information or reviews associated with the extension, usually a red flag for some advanced users but not so for casual users looking to download a calculator extension. This extension also required permissions that sought to read and even change all data on websites visited. When installed, the extension began to communicate with its author’s remote computer as well.
This extension had already been downloaded over a thousand times on the Chrome web store, prior to its removal. It was only after a while that its true intentions and nature was discovered before being flagged and removed.
Suffice to say, harmful extensions exist in the Chrome store and Lifars readers are urged to look closely at reviews and the credibility of any extension or application before downloading and installing them.
The MalwareBytes blog added:
This [packing malicious extensions] makes it an ideal situation for threat actors to aggressively push bogus apps and use a little bit of social engineering to coerce end users into downloading malware laden extensions.
Image credit: Wikimedia.
