Chrome Extensions Labelled Rogue
A security firm says four malicious extensions for Google Chrome were downloaded a total of more than half a million times. It's asking why Google's vetting process didn't weed out the malware earlier.
Extensions in Chrome are similar to add-ons for other browsers - namely, third-party tools that improve the web browsing experience. Common examples include ad-blockers, password managers and tools for downloading videos from web pages (such as YouTube).
Because extensions have some level of access to a user's Internet data (and even some control over their browsing), Google has some security measures in place. It only recommends installing extensions from the official Chrome web store, where developers must use a Google account to verify themselves.
Google also vets extensions before they go live in the store, though the sheer number of extensions means this process is largely automated and works based on checklists of known characteristics and rogue tactics.
Scammers Bypassed Security Check
Security services company ICEBRG recently spotted some unusual traffic from one of its clients. When it investigated the issue, it found that four extensions - Change HTTP Request Header, Lite Bookmarks, Nyoogle and Stickies - all posed a security risk. All four have been removed from Google's Chrome Web Store since ICEBRG went public with its findings. (Source: icebrg.io)
The risk involved JavaScript, a programming language used for interactive features on websites. By default, Chrome verifies JavaScript code for signs of malicious intent before running it. In addition, extensions are blocked from using code run outside of the browser in order to circumvent that verification. The extensions in question were set up to bypass this block. (Source: threatpost.com)
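A defender-side check related to the block described above, as an added example that is not from ICEBRG, Google or the original article: it audits a parsed extension manifest.json for settings that relax script restrictions or grant access to every site. It assumes the block corresponds to Chrome's default extension Content Security Policy, which a manifest can loosen; the function names and sample manifests are constructed for illustration.

```javascript
// Added example: audit an extension's manifest.json (already parsed) for
// settings that relax Chrome's default script restrictions.
// Assumption: the manifest-v2 default policy is "script-src 'self'; object-src 'self'".

// Split a CSP string into { directive: [sources...] }.
function parseCsp(csp) {
  const directives = {};
  for (const part of csp.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length) directives[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return directives;
}

function auditManifest(manifest) {
  const findings = [];
  // MV2 stores the policy as a string, MV3 as { extension_pages: "..." }.
  const raw = manifest.content_security_policy;
  const csp = typeof raw === 'string' ? raw : (raw && raw.extension_pages) || '';
  const d = parseCsp(csp);
  const scriptSrc = d['script-src'] || d['default-src'] || [];
  for (const src of scriptSrc) {
    const s = src.toLowerCase();
    if (s === "'unsafe-eval'") {
      findings.push("csp: 'unsafe-eval' lets the extension run strings as code");
    } else if (s === '*' || /^(https?:|\*\.|[a-z0-9-]+\.)/.test(s)) {
      findings.push(`csp: script-src allows remote origin ${src}`);
    }
  }
  // Host patterns that give access to every site the user visits.
  const broad = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);
  const perms = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  for (const p of perms) {
    if (broad.has(p)) findings.push(`permissions: broad host access ${p}`);
  }
  return findings;
}

// Constructed sample manifests (not taken from any real extension).
const relaxed = {
  manifest_version: 2,
  name: 'sample-relaxed',
  content_security_policy: "script-src 'self' 'unsafe-eval' https://cdn.example.test; object-src 'self'",
  permissions: ['tabs', '<all_urls>'],
};
const strict = { manifest_version: 2, name: 'sample-strict', permissions: ['storage'] };

console.log(auditManifest(relaxed));
console.log(auditManifest(strict));
```

An empty result only means the manifest keeps the default policy and narrow host access; it says nothing about what the extension's own bundled scripts do.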
Extensions Used For Click Fraud
The limited 'good news' in this case is that it appears the people behind the rogue extensions were simply using them to have the computers make behind-the-scenes 'visits' to web pages hosting pay-per-click advertisements. This boosts the level of traffic to the site hosting the advertisements, and thus helps defraud the advertisers.
ICEBRG warns that methods used to make the extensions rogue can still be used to directly harm the user while using the browser.
What's Your Opinion?
Do you use Chrome extensions? If so, what checks do you make on an extension before installing it, or do you simply trust Google? Should or could Google do more to stop rogue extensions appearing in its store?
Comments
Am I vulnerable?
I don't use Chrome and therefore don't have Chrome extensions but I have Stickies (one of the extensions mentioned in the report) installed as a standalone app on my Win 7 Pro machine (publisher is Zhorn Software). Am I in danger as well?
Chrome Extensions Labelled Rogue
Hi
On my phone which is a Samsung Galaxy J1 I recently keep getting a message to disable Google Play Video as it could destroy my phone. I have uninstalled and disabled it frequently every day but it keeps coming back. I can't just remove all Google from my phone as I subscribe to Google Play Music and back my phone up to my Gmail account. Is this one of the Rogue Extensions to which you refer and how do I get rid of it? I never installed it and it seems to come by default. It has remained dormant since I purchased my phone in 2016 and the problem only surfaced a few weeks or months ago. Any help would be appreciated.
Force stop and disable app
If you can't remove an app you can force stop / uninstall any updates, then force stop / disable it. This should prevent it from running again or updating.