We all use web browsers every day and to ease or to extend the functionality of our browsers, we often use extensions. Extensions are basically small programs for our browsers to perform some specific tasks. It looks like some extensions were performing malicious activities that they were not supposed to do.
As soon as Google was told about the malicious extension, the company quickly responded to the reports and they have removed the above-mentioned extensions from the Chrome Web Store. Unfortunately, by the time it was found, the combined downloads of the extensions from the Chrome Web Store were around 500,000.
With that being said, it is not the first time that Chrome has been a target for malicious extensions and it may continue to be targeted but for now, if you have installed any of the malicious extensions, you should remove them immediately and start looking for alternatives.
“Hygiene of user workstations is a difficult problem to tackle, made even more difficult by the exhaustive number of ways that code can execute through seemingly legitimate applications and plugins. In this case, the inherent trust of third-party Google extensions, and accepted risk of user control over these extensions allowed an expansive fraud campaign to succeed. In the hands of a sophisticated threat actor, the same tool and technique could have enabled a beachhead into target networks,” search firm ICEBERG said in a blog post.