Millions of Chrome users affected: Malicious extensions can steal your data
More than 75 million users have already downloaded them: Manipulated Chrome extensions pose a security risk.
Google has removed 32 malicious extensions from its Chrome Web Store. These are able to change search results and spread spam or unwanted advertising. In total, the extensions have been downloaded more than 75 million times.
As “Bleeping Computer” reports, the affected extensions have functions with which they can act unnoticed by the user.
Even if the affected extensions have been removed from the Chrome Web Store, this does not mean that they will be automatically disabled or uninstalled. Users should therefore take action themselves and remove the extensions.
Removed 32 malicious extensions from Google Chrome Store
Cybersecurity researcher Vladimir Palant became aware of the issue while looking at the PDF Toolbox extension. He discovered that it contained malicious code disguised as a legitimate extension API wrapper. According to Palant, this makes it possible to inject arbitrary JavaScript code into any website visited by the user.
The potential for abuse ranges from displaying advertising on websites to stealing sensitive user data. The code was set to activate 24 hours after the extension was installed. A typical behavior of malware.
Malicious code in Chrome extensions: These extensions are also affected
Besides the PDF Toolbox extension, which has been downloaded 2 million times, other malware-infected extensions have been identified and have been removed from the Chrome Web Store.
Some examples are:
Autoskip for Youtube – 9 million users
Soundboost – 6.9 million users
Crystal Ad Block – 6.8 million users
Brisk VPN – 5.6 million users
Clipboard Helper – 3.5 million users
Maxi Refresher – 3.5 million users
The complete list of all affected apps can be found here.
Although Palant reported the affected extensions to Google, they remained available on the web store. Only when the security company Avast reported to Google and identified 13 extensions as malicious in addition to the 19 reported by Palant, did Google take action and remove the extensions from the web store.
