Researchers have uncovered four malicious extensions with more than 500,000 combined downloads from the Google Chrome Web Store, a finding that highlights a key weakness in what's widely considered to be the Internet's most secure browser.
Google has since removed the extensions. Researchers stumbled on the find after detecting a suspicious spike in outbound network traffic coming from a customer workstation. They soon discovered it was generated by a Chrome extension called HTTP Request Header as it used the infected machine to surreptitiously visit advertising-related Web links.Read more
Malicious browser extensions continue to bear fruit for hackers who have been using them to spread banking malware and adware, and hijacking popular add-ons to spread other nasty code.
The latest abuse involves a Google Chrome extension being spread in phishing emails that steals any data posted online by victims. This is a departure from previous attacks that monitor browser activity for specific URLs and extract credentials. This campaign may be limited to Brazil and other Portuguese-speaking nations, according to Renato Marinho, chief research officer at Morphus Labs and a SANS Internet Storm Center (ISC) handler.Read more
Twice in five days, developers of Chrome browser extensions have lost control of their code after unidentified attackers compromised the Google Chrome Web Store accounts used to issue updates.
The most recent case happened Wednesday to Chris Pederick, creator of the Web Developer extension. Last Friday, developers of Copyfish, a browser extension that performs optical character recognition, also had their account hijacked. In both cases, the attackers used the unauthorized access to publish fraudulent updates that by default are automatically pushed to all Chrome users who have the extensions installed.Read more
A new Google Chrome bug has been uncovered, which reportedly allows websites to record audio and video, without alerting the user or providing any visual indicators. Although the bug requires users to grant it permission to access audio and video features, it could potentially be used for spying on targets.
The bug was reportedly discovered by AOL developer Ran Bar-Zik, who reported the flaw to Google. However, Google said that it doesn't consider the issue to be valid security vulnerability, indicating that there is no quick fix on the way. Bar-Zik told that he came across the bug at work, when handling a website that ran WebRTC code.Read more
While going through the web browsing, annoying adverts get on your nerves and you are unable to do anything to get rid of them except closing them again and again. Sometimes, these advertisements are very useful in some context, but often, they are annoying and of course, you would like to find out a way to get rid of them.
Well! What you can do is to select an extension or app to block website ads. It is also necessary for you to get because, the appearance of these adverts can make your system slower down and thus, the website, you want to open will be also loaded slowly. It is incredibly irritating when you find yourself helpless before them.Read more
The actor behind the Kovter Trojan has come up with a new persistence mechanism over the past weeks and also started masquerading the malware as a Chrome update, Microsoft security researchers warn.
It’s a well-known fact that cybercriminals are constantly updating their malicious applications to ensure increased efficiency, and the people behind Kovter have been very active in this regard over the past several months: in April, they added ransomware capabilities to this file-less Trojan, while starting to masquerade it as a Firefox update several weeks ago. Now, Microsoft Malware Protection Center researchers reveal that the actor has updated Kovter’s persistence method.Read more
A banking and personal information stealing mobile malware posing as a Google Chrome update for Android, and which can't be removed from the infected device, has been spotted in the wild by cybersecurity researchers.
The infostealer malware - discovered by the Zscaler ThreatLabZ research team - is capable of harvesting banking information, call logs, SMS data and browser history which are all sent to a remote command-and-control server. Rather than being served by one URL, the malware squats on multiple domains which are similar to existing Google updates.Read more
Slovenia-based Bitcoin exchange portal Bitstamp is warning users of a Google Chrome extension that steals their Bitcoin when making a transfer.
The extension's name is BitcoinWisdom Ads Remover and is a Chrome extension that removes ads from the BitcoinWisdom.com, a website for consulting all kinds of Bitcoin-related statistics, all presented in easy-to-understand charts. According to Bitstamp, a website that lets users exchange Bitcoin for US dollars, this extension contains malicious code that is redirecting payments to its own Bitcoin address, instead of the one intended by the user making the transaction.Read more
The popular Google Chrome browser has some of the best security tools baked in with features such as Safebrowsing which protects users from malicious websites. By extension, ChromeOS which powers the affordable Chromebooks is indeed one of the safest systems one can get these days.
Even though the surface of attack is smaller than that of a typical Windows PC, online crooks will always find a way to abuse the system. One of the main points of entry is via rogue browser extensions which are increasingly becoming a problem and are being leveraged in various types of attacks ranging from data theft, spying, pop up ads and more.Read more
Anyone who likes to use their computer as a release, pay attention because your secret browsing might not be quite so secret. A bug has been discovered meaning that users of Google Chrome with Nvidia graphics chips don't always get Incognito Mode, even when the machine says it's on.
The rub of the story came from blogger charliehorse55 who explained that after a furious session of present buying, he decided to play Diablo III and was confronted, not with the loading screen, but an unloading screen showing all of the presents. It turns out this is just the tip. Nvidia GPUs don't flush the memory buffer at the end of a browsing session, and neither does Google Chrome.Read more