Security researchers recently identified more than 30 malicious extensions that had made their way into the Chrome web store, potentially infecting millions.
The first to raise the alarm on these extensions was security researcher Wladimir Palant, who discovered three weeks ago that the PDF Toolbox extension for Chrome contained obfuscated code that allowed a third-party website to inject JavaScript code into all websites that the user visited.
After being tipped off that another extension was also making requests to the same third-party website, namely serasearchtop[.]com, the researcher discovered two more versions of the code (including one connecting to tryimv3srvsts[.]com) and a total of 34 extensions containing it, in the Chrome web store.
Overall, the identified extensions showed an install base of roughly 87 million users, with the most popular of them being Autoskip for Youtube (9 million users), Soundboost (7 million), Crystal Ad block (6 million), and Brisk VPN (5 million).
Most of the identified extensions had more than one million downloads each, but it is possible that these numbers were artificially inflated.
According to cybersecurity firm Avast, which identified 32 malicious extensions with a total of 75 million combined installs, the number of reviews these extensions had in the Chrome web store was suspiciously low compared to the number of installs.
“What’s more, we found that the number of people who encountered the threat isn’t proportional to the number of installs from the Chrome Web Store,” Avast says.
What is alarming, however, is the large number of extensions that were found to contain the obfuscated code. According to Avast, aside from the 32 extensions it identified, 50 more were removed from the Chrome web store on the same grounds.
The purpose of the malicious code appeared related to displaying unwanted ads and hijacking search results to display sponsored links, but the security researchers have yet to analyze the full scope of the attack.
Google has removed all the malicious extensions from the Chrome web store.
Related: Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
Related: Chrome 114 Released With 18 Security Fixes
Related: Chrome 113 Security Update Patches Critical Vulnerability
More from Ionut Arghire
- Generative AI Startup Nexusflow Raises $10.6 Million
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
- Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
- FBI Warns Organizations of Dual Ransomware, Wiper Attacks
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
- Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
