Enlarge (credit: ICEBRG)
Researchers have uncovered four malicious extensions with more than 500,000 combined downloads from the Google Chrome Web Store, a finding that highlights a key weakness in what’s widely considered to be the Internet’s most secure browser.

Google has since removed the extensions.
Researchers from security firm ICEBRG stumbled on the find after detecting a suspicious spike in outbound network traffic coming from a customer workstation.

They soon discovered it was generated by a Chrome extension called HTTP Request Header as it used the infected machine to surreptitiously visit advertising-related Web links.

The researchers later discovered three other Chrome extensions—Nyoogle, Stickies, and Lite Bookmarks—that did much the same thing.
ICEBRG suspects the extensions were part of a click-fraud scam that generated revenue from per-click rewards.

But the researchers warned that the malicious add-ons could just as easily have been used to spy on the people or organizations who installed them.
“In this case, the inherent trust of third-party Google extensions, and accepted risk of user control over these extensions, allowed an expansive fraud campaign to succeed,” ICEBRG researchers wrote in a report published Friday. “In the hands of a sophisticated threat actor, the same tool and technique could have enabled a beachhead into target networks.”
Read 3 remaining paragraphs

Leave a Reply