Kaspersky reveals malicious Chrome extensions

Onur Demirkol
Jul 5, 2023

Kaspersky has revealed a list of malicious Google Chrome extensions in its blog post. The company has discovered over 30 Google Chrome extensions with malicious payloads that have received a combined 87 million downloads. One of the apps even had over 9 million downloads. The blog post also suggested users ways to defend themselves against these kinds of situations

The company's investigation was sparked by the discovery of the PDF Toolbox plugin, which allowed users to view any page and have any code placed on it. Additional investigations turned up a total of 34 harmful extensions, each of which was advertised as performing a particular function.

Although the browser add-ons have already been taken down from the Chrome Web Store, Kaspersky is quick to stress that users should check the list of suspicious add-ons and take any harmful ones off their devices because they will still be present. Here is the full list of extensions:

  • Autoskip for Youtube
  • Soundboost
  • Crystal Adblock
  • Brisk VPN
  • Clipboard Helper
  • Maxi Refresher
  • Quick Translation
  • Easyview Reader view
  • PDF Toolbox
  • Epsilon Ad blocker
  • Craft Cursors
  • Alfablocker ad blocker
  • Zoom Plus
  • Base Image Downloader
  • Clickish fun cursors
  • Cursor-A custom cursor
  • Amazing Dark Mode
  • Maximum Color Changer for Youtube
  • Awesome Auto Refresh
  • Venus Adblock
  • Adblock Dragon
  • Readl Reader mode
  • Volume Frenzy
  • Image download center
  • Font Customizer
  • Easy Undo Closed Tabs
  • Screence screen recorder
  • OneCleaner
  • Repeat button
  • Leap Video Downloader
  • Tap Image Downloader
  • Qspeed Video Speed Controller
  • HyperVolume
  • Light picture-in-picture
malicious chrome extensions

Palant found an "additional functionality"

"It all began when cybersecurity researcher Vladimir Palant found an extension called PDF Toolbox containing suspicious code in the Chrome Web Store. At first glance, it was a perfectly respectable plugin for converting Office documents and performing other simple operations with PDF files," said Kaspersky in the blog post.

"PDF Toolbox boasted an impressive user base and good reviews, with close to two million downloads and an average score of 4.2. However, inside this extension interesting “additional functionality” was discovered: the plugin accessed a serasearchtop[.]com site, from where it loaded arbitrary code on all pages viewed by the user," it continued.

According to the blog post, Palant found "a couple dozen" extensions on the Chrome Web Store accessing the same server. All these extensions had over 87 million downloads.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Andy Prough said on July 5, 2023 at 7:15 pm

    87 million downloads. Wow. As Iron Heart says, if you are going to use a chromium-based browser, you might want to go ahead and use one like Brave where you don’t really need any extensions, because most of the major features are already built into the browser.

    1. pHROZEN gHOST said on July 5, 2023 at 7:34 pm

      But, BIG BUT, Brave users could still have one of these bogus extensions installed. SO they need to check too.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.