These dangerous fake Google Chrome extensions spoof VPNs and YouTube
More than 100 extensions were seen stealing sensitive browser data

- DomainTools found more than 100 domains promoting fake browser extensions
- These extensions impersonated legitimate products and reputable businesses
- They were stealing sensitive data and executing malicious code remotely
Security researchers recently found more than 100 malicious browser extensions posing as legitimate tools. These extensions were distributed through various channels and were also found on the Google Chrome Web Store. They were able to steal sensitive user information and to receive further commands to execute.
Google was notified of the findings and managed to remove most of the malware from its repository. Apparently, some extensions still remain and continue to pose a risk to users.
This is all according to DomainTools, which claims to have spotted more than 100 fake domains promoting the tools, most likely through malvertising campaigns. The malware spoofed all sorts of legitimate products, from VPNs to AI assistants and cryptocurrency utilities, and impersonated some of the world’s biggest brands, including Fortinet, YouTube, and Calendly.
"The Chrome Web Store has removed multiple of the actor's malicious extensions after malware identification," DomainTools said. "However, the actor's persistence and the time lag in detection and removal pose a threat to users seeking productivity tools and browser enhancements."
The full list of malicious domains can be found on this link.
Abusing extensions
Add-ons and extensions are a great way to expand the browser’s features and thus enhance user productivity in a business environment.
For example, tools like Asana, Trello, or Grammarly can streamline workflows and improve writing accuracy, while password managers like LastPass can improve credential management.
However, they also handle a lot of sensitive information and are granted high-level permissions, which is why they’re often on the threat actors’ radars. That being said, not only are hackers looking for ways to break into legitimate tools, they often build fake ones, too.
With spoofed add-ons, they can gain high-level privileges without raising alarms, and can access sensitive information stored in the browser, such as passwords or credit card data.
It is important that users only install add-ons from reputable sources such as the Chrome Web Store. Even there, they should read the reviews and mind the download count because, as seen in this example, crooks can sometimes smuggle malware past even the greatest of gatekeepers.
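The permissions an extension is granted are declared in its manifest.json, so they can be reviewed alongside the reviews and download count. The following added example, which is not from the article or from DomainTools, flags high-level permissions in a manifest; the permission list and both sample manifests are assumptions constructed for illustration.

```python
import json

# Assumption: an editor-chosen set of Chrome permissions that expose browsing
# data or allow page and network manipulation. It is not a DomainTools list.
SENSITIVE_PERMISSIONS = {
    "cookies", "history", "tabs", "webRequest", "scripting", "debugger",
    "proxy", "management", "nativeMessaging", "clipboardRead",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
PERMISSION_KEYS = ("permissions", "optional_permissions",
                   "host_permissions", "optional_host_permissions")

# Constructed sample manifests (not taken from any real extension).
SAMPLE_BROAD = json.dumps({
    "manifest_version": 3, "name": "Example VPN (constructed)",
    "permissions": ["cookies", "scripting", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
})
SAMPLE_NARROW = json.dumps({
    "manifest_version": 3, "name": "Example notes tool (constructed)",
    "permissions": ["storage"],
    "host_permissions": ["https://example.com/*"],
})

def audit_manifest(manifest_text):
    """Return a sorted list of findings for one extension manifest.json."""
    manifest = json.loads(manifest_text)
    findings = set()
    # Manifest V2 mixes host patterns into "permissions"; V3 separates them.
    for key in PERMISSION_KEYS:
        for perm in manifest.get(key, []):
            if perm in SENSITIVE_PERMISSIONS:
                findings.add(f"sensitive permission: {perm}")
            elif perm in BROAD_HOSTS:
                findings.add(f"access to all sites: {perm}")
    # A content script that matches every site can read and alter any page.
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if pattern in BROAD_HOSTS:
                findings.add(f"content script on all sites: {pattern}")
    return sorted(findings)

if __name__ == "__main__":
    for sample in (SAMPLE_BROAD, SAMPLE_NARROW):
        print(json.loads(sample)["name"], "->", audit_manifest(sample) or "no findings")
```

A finding is a prompt for review, not proof of malice: legitimate tools also request broad access, which is why a spoofed add-on can do so without raising alarms.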
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.