Hundreds more malicious Google Chrome extensions taken down

Google has removed over 500 malicious Chrome extensions from its official Web Store.

The extensions, which have now been removed from the Web Store and deactivated in users' browsers, injected malicious ads into users' web browsing sessions. The malicious code injected by the extensions was set to activate under certain conditions and redirect users to specific sites.

While at times the extensions would lead users to legitimate sites such as Macy's, Dell or BestBuy through affiliate links, they also led users to known malware download sites or phishing pages.

According to a new report from Cisco's Duo Security team and independent security researcher Jamila Kaya, the extensions were part of a larger malware operation that has been active for at least two years. However, the research team behind the report also believes the group behind this operation may have been active since the early 2010s.

Malicious Chrome extensions

The operation was discovered by Jamila Kaya, who first found the malicious extensions while threat hunting, when she noticed a common URL pattern in visits to malicious sites.

Kaya then used CRXcavator, a service for analyzing Chrome extensions, which helped her locate the initial group of extensions. These shared a nearly identical codebase but used generic names to mask their true activity. She provided further insight on her discovery in an interview with ZDNet, in which she said:

"Individually, I identified more than a dozen extensions that shared a pattern. Upon contacting Duo, we were able to quickly fingerprint them using CRXcavator's database and discover the entire network. We subsequently reached out to Google with our findings, who were receptive and collaborative in eliminating the extensions." 

According to Cisco Duo, the first set of extensions was installed by over 1.7 million Chrome users. However, Google launched its own investigation and found even more extensions that fit the same pattern, which led to the search giant banning over 500 extensions.

Google has removed the malicious Chrome extensions from its official Web Store as well as deactivated them inside users' browsers to prevent even more users from falling victim to this malvertising scam.

Via ZDNet

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 