500+ extensions with millions of downloads!
Duo Security, a wing of Cisco has made research along with an independent researcher called Jamila Kaye. This resulted in discovering over 500 extensions of Chrome being involved in ad fraud, malvertising and even potential phishing attacks. The extensions, which are simply added from Chrome store, can purportedly be collecting log data from user browser and connecting them to ad servers from displaying ads. Aside from ad fraud, there are extensions which redirect users into malicious sites and even download malware payloads. These can be quite harmful, yet, users add such extensions falling for their proposed use. While some redirections are onto untrusted sites, few redirections are of legitimate sites like Dell, Macy’s or Bestbuy. Initial reports from Kaye’s research tell that these extensions are in existence for over two years now, but after Google scanning for all such malicious a extensions, they’ve found over 430 extensions (totalling to 500+) that are operating since 2010! Firstly discovered 71 extensions from Kaye’s research had over 1.7 million installations. As of now, Google has taken these extensions down from its Store, but there’s always a way around. Adversaries can find new techniques to circumvent the approval process of their extensions and prey on users repeatedly. Users seem okay with such redirections and viewing ads for the sake of extensions’ service, but it’s harmful to the system health in the long run. Those malicious extensions which were currently installed in any systems were deactivated by Google eventually.
