CATEGORIES
home News

These Four Popular Google Chrome Extensions Infect Over A Half Million Users With Malware

by Paul LillyWednesday, January 17, 2018, 09:56 AM EDT
Google

Security researchers have uncovered malware hidden in four different extensions for Google's Chrome browser. Collectively, the four extensions have been downloaded and installed more than half a million times, including onto workstations within major organizations globally. While likely used to commit click fraud and search engine optimization (SEO), the number of installs could provide cyber criminals with a potent botnet.

"While revenues are not known, a similar botnet uncovered in 2013 yielded $6 million per month before it was taken down," security researchers at Icebrg, a computer security firm based in Seattle, Washington, stated in a report outlining the technical details of the malware.

The researchers discovered the malware while investigating an "unusual" uptick in outbound traffic from a customer workstation to a European VPS provider. Analysis of the traffic led them to a Chrome extension called HTTP Request, which was sending outbound traffic to websites with advertising attached.

Part of what's interesting here is that on the surface, the extension did not contain any overtly malicious code. However, there two items that could enable the execution of arbitrary JavaScript code.

"By design, Chrome’s JavaScript engine evaluates (executes) JavaScript code contained within JSON. Due to security concerns, Chrome prevents the ability to retrieve JSON from an external source by extensions, which must explicitly request its use via the Content Security Policy (CSP). When an extension does enable the ‘unsafe-eval’ permission to perform such actions, it may retrieve and process JSON from an externally-controlled server. This creates a scenario in which the extension author could inject and execute arbitrary JavaScript code anytime the update server receives a request," Icebrg explained in its report.

Further investigation led Icebrg to discover similar malware residing in three other Chrome extensions, including Stickies, Lite Bookmarks, and Nyoogle. That's what led them to believe they were being used to commit click-fraud to generate revenue from web ads.

"The total installed user base of the aforementioned malicious Chrome extensions provides a substantial pool of resources to draw upon for fraudulent purposes and financial gain. The high yield from these techniques will only continue to motivate criminals to continue exploring creative ways to create similar botnets," Icebrg added.

As always, do your research before downloading a browser extension (regardless of which browser you are using) and only download extensions from trusted sources.
Tags:  Chrome, Malware, Google, extensions, (nasdaq:goog)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment