A report by security company Radware suggests that Google Chrome users were exposed to yet another wave of malicious extensions offered to them on the official Chrome Web Store.
The extensions were used to perform "credential theft, cryptomining, click fraud, and more" according to Radware.
The company detected the new malware family for Google Chrome with the help of machine-learning algorithms that it ran on a customer's computer network.
According to Radware's analysis, the malware has been active since at least March 2018. It infected more than 100,000 user devices in over 100 countries, and pushed at least seven different Chrome extensions with malicious content using the following attack vector:
The extensions that the attackers used were copies of popular Chrome extensions with malicious, obfuscated code added to them.
Radware identified the following extensions:
You can check the company blog for extension IDs and other information. Google removed all of them in the meantime.
The malware has multiple purposes:
The attackers created several protective measures to prevent users from interfering with the operation.
The identification of the malware happened by accident. Radware's machine-learning algorithm detected the malware, which led to the identification of the network and the removal of the extensions from the Chrome Web Store.
Considering that the attackers operated the extensions as early as March 2018, it is clear -- again -- that Google's protective system does not work properly.
Chrome users need to verify any extension before they hit the install button. A rule of thumb is that you should never install extensions that prompt you to do so outside of the Chrome Web Store, but since malicious extensions are always hosted in the Store, it is not a 100% safeguard against these.
The main issue here is that the majority of users can't verify if a Chrome extension is legitimate or not as it requires analyzing its code.
This leaves running Chrome without extensions as the only option to stay safe.
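As an added illustration of what verifying an extension involves (this is not code from Radware or from this article), the following Python example compares the manifest of a look-alike against the extension it copies and flags obfuscation hints in a script file. The sample manifests, the extension name and the heuristic thresholds are constructed assumptions.

```python
import json
import re

BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def access(manifest):
    """API permissions, host permissions and content-script match patterns (MV2 and MV3 keys)."""
    keys = ("permissions", "optional_permissions", "host_permissions")
    found = {p for k in keys for p in manifest.get(k, []) if isinstance(p, str)}
    for cs in manifest.get("content_scripts", []):
        found.update(cs.get("matches", []))
    return found

def scripts(manifest):
    """Every script the manifest loads: background page, service worker, content scripts."""
    bg = manifest.get("background", {})
    found = set(bg.get("scripts", []))
    if "service_worker" in bg:
        found.add(bg["service_worker"])
    for cs in manifest.get("content_scripts", []):
        found.update(cs.get("js", []))
    return found

def diff_manifests(original, candidate):
    """Report what a look-alike requests or loads on top of the extension it copies."""
    added = access(candidate) - access(original)
    return {
        "added_access": sorted(added),
        "broad_host_access": sorted(added & BROAD_HOSTS),
        "added_scripts": sorted(scripts(candidate) - scripts(original)),
    }

def obfuscation_signals(js_source):
    """Cheap heuristics (assumed thresholds); a hit means 'read this file', not 'malicious'."""
    signals = []
    if len(re.findall(r"\\x[0-9a-fA-F]{2}", js_source)) >= 20:
        signals.append("dense hex escapes")
    if re.search(r"\b(?:eval|atob)\s*\(|\bnew\s+Function\s*\(", js_source):
        signals.append("dynamic code evaluation")
    if any(len(line) > 2000 for line in js_source.splitlines()):
        signals.append("very long line")
    return signals

# Constructed sample manifests (not taken from the Radware report).
ORIGINAL = json.loads('{"name": "Example Notes", "permissions": ["storage"],'
                      ' "background": {"scripts": ["bg.js"]}}')
LOOKALIKE = json.loads('{"name": "Example Notes", "permissions": ["storage", "webRequest", "<all_urls>"],'
                       ' "background": {"scripts": ["bg.js", "loader.js"]},'
                       ' "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]}')

if __name__ == "__main__":
    print(json.dumps(diff_manifests(ORIGINAL, LOOKALIKE), indent=2))
```

Any added script or broad host pattern in the output is a file or permission to review by hand before trusting the extension.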
Now You: do you run Chrome extensions? Do you verify them before installation?