Wednesday, 17 January 2018

On 10:07 by admin

If you are like millions of users, you have downloaded and installed browser extensions on your workstation to save time and increase productivity. Unfortunately, four browser extensions for Google Chrome apparently have been doing some extra work that users weren't aware of.
Security firm ICEBRG discovered the malicious extensions after noticing a spike in usage on a customer's computer. The extensions - HTTP Request Header, Nyoogle, Stickies, and Lite Bookmarks - would visit ad-based web links without the user's knowledge, likely as part of a click-fraud scam. Once alerted, Google removed the extensions from the Chrome Web Store, but not before they had combined for more than 500,000 downloads.

When examining the code, ICEBRG found that HTTP Request Header didn't contain specifically malicious code, but two capabilities together - JavaScript injection and browser proxying - raised the possibility of problematic code execution. The others worked in a similar fashion.

"Hygiene of user workstations is a difficult problem to tackle, made even more difficult by the exhaustive number of ways that code can execute through seemingly legitimate applications and plugins," ICEBRG said. "In this case, the inherent trust of third-party Google extensions, and accepted risk of user control over these extensions, allowed an expansive fraud campaign to succeed. In the hands of a sophisticated threat actor, the same tool and technique could have enabled a beachhead into target networks."

If you use Chrome, check your extensions to make sure you aren't using any of the four. If you are, uninstall them immediately.
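
For checking more than one workstation, the same review can be scripted. The following is an added example, not code from ICEBRG or Google: it walks a Chrome profile's `Extensions` directory, resolves localized `__MSG_...__` names from `_locales`, and flags any extension whose display name contains one of the four names above. It assumes Chrome's standard on-disk layout and default profile paths, and it matches on names only because the article gives no extension IDs, so every hit needs manual review.

```python
import json
import os
from pathlib import Path

# The four names given in the article. The article lists no extension IDs,
# so matching is by display name only and hits need manual review.
FLAGGED = ("http request header", "nyoogle", "stickies", "lite bookmarks")

def display_name(version_dir):
    """Read manifest.json and resolve a localized __MSG_key__ name."""
    manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()  # message keys are case-insensitive
        locale = manifest.get("default_locale", "en")
        path = version_dir / "_locales" / locale / "messages.json"
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
        for k, v in messages.items():
            if k.lower() == key:
                return str(v.get("message", name))
    return name

def find_flagged(extensions_dir):
    """Scan <profile>/Extensions/<id>/<version>/ and return (id, version, name)."""
    hits = []
    for manifest in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        vdir = manifest.parent
        try:
            name = display_name(vdir)
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed extension directory
        # Substring match, so a longer store title containing a name is caught.
        if any(f in name.lower() for f in FLAGGED):
            hits.append((vdir.parent.name, vdir.name, name))
    return hits

if __name__ == "__main__":
    # Default-profile locations on Linux, macOS and Windows; other profiles
    # ("Profile 1", ...) sit beside "Default" and need the same scan.
    home = Path.home()
    candidates = [
        home / ".config/google-chrome/Default/Extensions",
        home / "Library/Application Support/Google/Chrome/Default/Extensions",
        Path(os.environ.get("LOCALAPPDATA", "")) / "Google/Chrome/User Data/Default/Extensions",
    ]
    for d in candidates:
        for ext_id, version, name in find_flagged(d):
            print(f"REVIEW: {name!r} id={ext_id} version={version} in {d}")
```

A name match is not proof of compromise, since unrelated extensions can share or contain these names; confirm each hit against the extension's entry in `chrome://extensions` before removing it.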

This isn't the first time that Google has had an issue with malicious or fraudulent extensions, and likely won't be the last.

Source: ICEBRG

