We all use web browsers every day and to ease or to extend the functionality of our browsers, we often use extensions. Extensions are basically small programs for our browsers to perform some specific tasks. It looks like some extensions were performing malicious activities that they were not supposed to do.
A security research firm ICEBERG has discovered four malicious extensions on the web store of Google Chrome browser. A network usage spike on a user’s computer draw the attention of the firm and the company performed a test to discover that an extension called HTTP Request Header was performing a malicious activity. However, the extension contains no harmful code, it visits advertising-related web links without the knowledge of the users using Malicious JavaScript Injection and Browser Proxying. Later, three more extensions were found that were also injecting Malicious JavaScript codes, the three extensions are Nyoogle, Stickies, and Lite Bookmarks.
As soon as Google was told about the malicious extension, the company quickly responded to the reports and they have removed the above-mentioned extensions from the Chrome Web Store. Unfortunately, by the time it was found, the combined downloads of the extensions from the Chrome Web Store were around 500,000.
With that being said, it is not the first time that Chrome has been a target for malicious extensions and it may continue to be targeted but for now, if you have installed any of the malicious extensions, you should remove them immediately and start looking for alternatives.
“Hygiene of user workstations is a difficult problem to tackle, made even more difficult by the exhaustive number of ways that code can execute through seemingly legitimate applications and plugins. In this case, the inherent trust of third-party Google extensions, and accepted risk of user control over these extensions allowed an expansive fraud campaign to succeed. In the hands of a sophisticated threat actor, the same tool and technique could have enabled a beachhead into target networks,” search firm ICEBERG said in a blog post.
