Google has removed more than 500 malicious Chrome extensions from its web store after security researchers exposed the behavior of malware that inserts objectionable ads into users' browsing sessions
Cisco's Duo Security team shared a report with ZDNet and discovered malicious code that is activated under certain conditions and redirects users during browsing The redirects ranged from affiliate links on retail sites like Dell and BestBuy to malware downloads and phishing pages
According to the report, the malware-injecting extensions are related to a larger operation that has been in place for at least two years It is believed that the malicious vendors behind the code may have been active since the early 2010s
Security researcher Jamila Kaya told ZDNet that she discovered the network of malicious extensions during a routine threat investigation using Duo's free CRXcavator tool, which analyzes the security of Chrome plugins She noticed a common URL pattern among the redirected sites
"Individually, we identified over a dozen extensions that shared the pattern," Kaya told ZDNet
"Once we contacted Duo, they were able to use the CRXcavator database to quickly fingerprint and discover the entire networkDuo believes that 17 million users had installed the first extension Kaya identified However, Google flagged hundreds more malicious extensions in its own security sweep It is unclear how many of these 500+ plugins have been installed
Duo's report is a reminder that Google has an ongoing malware problem; security issues with Chrome extensions occur with alarming regularity The company is working to tighten restrictions on extensions, but there are still concerns
Google has removed over 500 malicious extensions from its web store and disabled them within users' browsers If you have a malicious extension installed in your browser, Google has labeled it as "malicious" and you should remove it and not reactivate it
Duo publishes an index of malicious extensions if you are unsure whether you have one or more malicious extensions installed in your browser
Security companies also recommend that you regularly audit your installed extensions, remove those you do not use, and flag those you do not recognize Some antivirus programs can detect and remove malicious browser extensions
Comments