A new report released by the Cisco Duo security team reveals a scary scam. According to their findings, several extensions to Google Chrome were used to spread malware and other fraudulent practices.
If you have an extension installed that is not working as intended, this may be an alarm signal. This is because many of the infected extensions imitated similar trusted ones, in order to deceive users when installing them.
Google removed more than 500 malicious extensions
The Cisco report says there were more than 500 extensions that Google removed in light of its findings. These will have been installed by more than 2 million users, which is a scary number.
Google’s action not only removed these extensions from the Chrome repository, but removed them from the browsers on which they had been installed. So it is safe to say that you will no longer have to worry about those that have already been identified, but only with those that may appear in the future.
Collection of data and phishing were common
As in many of these cases, users were inundated with false advertising. This was the vehicle used to take users to pages created by the attackers.
From these pages, various data were collected from users, monitoring of their actions and elaboration of phishing. All of this was done without the user’s knowledge.
There were other cases where affiliate links lead users to the pages of companies like Best Buy or Macy. In other cases, they were taken to locations where malware was downloaded to their equipment.
This is not the first case of fraudulent Chrome extensions
In the past, cases have been discovered in which several extensions of Google Chrome were the vehicle for illicit activities. One of the most popular occurred in 2018, where attackers used this channel to steal user credentials, cryptocurrency mining and fraudulent clicks.
That said, our readers can never be too alert to be careful with the extensions they download. You should pay attention to their origin and the promises it makes. Remember, “when alms are too much, the poor suspect”.
EBox editors recommend: