Enlarge / On the left, a legitimate Chrome extension.
On the right, one of seven recently discovered malicious Chrome extensions impersonating it.
(credit: Radware)
Criminals infected more than 100,000 computers with browser extensions that stole login credentials, surreptitiously mined cryptocurrencies, and engaged in click fraud.
The malicious extensions were hosted in Google official Chrome Web Store.
The scam was active since at least March with seven malicious extensions known so far, researchers with security firm Radware reported Thursday.
Google's security team removed five of the extensions on its own and removed two more after Radware reported them.
In all, the malicious add-ons infected more than 100,000 users, at least one of which was inside a "well-protected network" of an unnamed global manufacturing firm, Radware said.
Secure browser, weak link
Over the past eight months, malicious Chrome extensions have proved to be an Achilles' heel for the Internet's most widely used and arguably most secure browser.
Last August, lax rules for securing extension-developer accounts led to the compromise of two extensions installed on millions of computers.
In two separate incidents in January, researchers found at least five malicious extensions installed more than 500,000 times.
Two weeks ago, Trend Micro documented the return of FacexWorm, a malicious extension that was first spotted seven months earlier.
Read 8 remaining paragraphs | Comments
Technology
Destructive Chrome extensions infect 100,000-plus users, again
Download Android App Share in FullScreen CheckVideos
Unlimited Portal Access + Monthly Magazine - 12 issues-Publication from Jan 2021 |
Buy Our Merchandise (Peace Series)
- Details
- Category: Technology
25