4 Malicious Chrome Extensions Put 500k Users at Risk of Click Fraud

Haythem Elmir

Presence of spyware and malware in Chrome browser extensions we use to surf the web is nothing new as every other day we hear about a new strain of malware identified in an extension. Sometimes even the extension turns out to be fake and a piece of malware.

According to a report from ICEBRG, four Google Chrome extensions have been identified as malicious and targeting more than half a million Chrome users as well as workstations of a majority of high-profile organizations operating globally. The four extensions include:

  • Change HTTP Request Header
  • Lite Bookmarks
  • Nyoogle – Custom Logo for Google
  • Stickies – Chrome’s Post-it Notes

It is worth noting that Lite Bookmarks and Change HTTP Request Header have been removed from official Google Play Store.

Four Nefarious Google Extensions Putting Millions of Users at Risk of Click-fraud and SEO Manipulation
Change HTTP Request Header extension

The findings of the research were published in a blog post on Monday 15th January by two ICEBRG researchers namely Justin Warner and Mario De Tore. As per the report, these malicious extensions contain suspicious coding that affected over 500,000 users worldwide including corporate workstations. The extensions are used to carry out “click fraud” and “search engine optimization (SEO) manipulation.”

Moreover, these offer a strong foothold to threat actors because they can leverage these extensions to obtain access to corporate networks and user information. These extensions were discovered while the team of researchers at ICEBRG was investigating the sudden increment in outbound network traffic between a European VPS provider and a customer’s workstation.

“Chrome’s JavaScript engine evaluates JavaScript code contained within JSON. Due to security concerns, Chrome prevents the ability to retrieve JSON from an external source by extensions, which must explicitly request its use via the Content Security Policy (CSP),” wrote Warner and De Tore.

To read the original article:


Laisser un commentaire

Next Post

S'agit-il vraiment d'une attaque contre la banque centrale et quatre établissements financiers?

Mercredi le 17 Janvier 2018, la presse alchourouk vient de sortir un article concernant une attaque notée la plus grave pour la banque centrale ainsi que quatre établissements financiers. Sous le Titre la plus grave intrusion visant la banque Centrale et quatre établissements financiers: de cette manière le piratage des […]