A researcher with AdGuard discovered five fake ad-blocking extensions in the Chrome Web Store that used hidden scripts to manipulate users’ browsers. The good news is, after AdGuard published the report, the Chrome team removed all five of the extensions from its store.
Unfortunately, AdGuard’s Andrey Meshkov reports that the extensions he discovered had more than 20 million users. Posing as ad blockers, the malicious extensions simply copied code from real ad blockers and then added to them. “All the extensions I’ve highlighted are simple rip-offs with a few lines of code and some analytics code added by the ‘authors,’” Meshkov wrote.Read more
Security researchers have uncovered 89 malicious Google Chrome extensions on the official Chrome store that can inject ads, code to secretly mine cryptocurrency, and load a tool to record and replay a person's browsing activities. This collection of extensions affected over 423,000 users and was used to form a new botnet called "Droidclub."
In November 2017, Princeton's Center for Information Technology highlighted the use of legitimate session-replay scripts on popular, high-traffic websites by third-party analytics firms. These scripts are used to record and replay a user's visit to a website, allowing the site owner to figure out what the user saw.Read more
Researchers have uncovered four malicious extensions with more than 500,000 combined downloads from the Google Chrome Web Store, a finding that highlights a key weakness in what's widely considered to be the Internet's most secure browser.
Google has since removed the extensions. Researchers stumbled on the find after detecting a suspicious spike in outbound network traffic coming from a customer workstation. They soon discovered it was generated by a Chrome extension called HTTP Request Header as it used the infected machine to surreptitiously visit advertising-related Web links.Read more
Malicious browser extensions continue to bear fruit for hackers who have been using them to spread banking malware and adware, and hijacking popular add-ons to spread other nasty code.
The latest abuse involves a Google Chrome extension being spread in phishing emails that steals any data posted online by victims. This is a departure from previous attacks that monitor browser activity for specific URLs and extract credentials. This campaign may be limited to Brazil and other Portuguese-speaking nations, according to Renato Marinho, chief research officer at Morphus Labs and a SANS Internet Storm Center (ISC) handler.Read more
Twice in five days, developers of Chrome browser extensions have lost control of their code after unidentified attackers compromised the Google Chrome Web Store accounts used to issue updates.
The most recent case happened Wednesday to Chris Pederick, creator of the Web Developer extension. Last Friday, developers of Copyfish, a browser extension that performs optical character recognition, also had their account hijacked. In both cases, the attackers used the unauthorized access to publish fraudulent updates that by default are automatically pushed to all Chrome users who have the extensions installed.Read more
A new Google Chrome bug has been uncovered, which reportedly allows websites to record audio and video, without alerting the user or providing any visual indicators. Although the bug requires users to grant it permission to access audio and video features, it could potentially be used for spying on targets.
The bug was reportedly discovered by AOL developer Ran Bar-Zik, who reported the flaw to Google. However, Google said that it doesn't consider the issue to be valid security vulnerability, indicating that there is no quick fix on the way. Bar-Zik told that he came across the bug at work, when handling a website that ran WebRTC code.Read more
While going through the web browsing, annoying adverts get on your nerves and you are unable to do anything to get rid of them except closing them again and again. Sometimes, these advertisements are very useful in some context, but often, they are annoying and of course, you would like to find out a way to get rid of them.
Well! What you can do is to select an extension or app to block website ads. It is also necessary for you to get because, the appearance of these adverts can make your system slower down and thus, the website, you want to open will be also loaded slowly. It is incredibly irritating when you find yourself helpless before them.Read more
The actor behind the Kovter Trojan has come up with a new persistence mechanism over the past weeks and also started masquerading the malware as a Chrome update, Microsoft security researchers warn.
It’s a well-known fact that cybercriminals are constantly updating their malicious applications to ensure increased efficiency, and the people behind Kovter have been very active in this regard over the past several months: in April, they added ransomware capabilities to this file-less Trojan, while starting to masquerade it as a Firefox update several weeks ago. Now, Microsoft Malware Protection Center researchers reveal that the actor has updated Kovter’s persistence method.Read more
A banking and personal information stealing mobile malware posing as a Google Chrome update for Android, and which can't be removed from the infected device, has been spotted in the wild by cybersecurity researchers.
The infostealer malware - discovered by the Zscaler ThreatLabZ research team - is capable of harvesting banking information, call logs, SMS data and browser history which are all sent to a remote command-and-control server. Rather than being served by one URL, the malware squats on multiple domains which are similar to existing Google updates.Read more
Slovenia-based Bitcoin exchange portal Bitstamp is warning users of a Google Chrome extension that steals their Bitcoin when making a transfer.
The extension's name is BitcoinWisdom Ads Remover and is a Chrome extension that removes ads from the BitcoinWisdom.com, a website for consulting all kinds of Bitcoin-related statistics, all presented in easy-to-understand charts. According to Bitstamp, a website that lets users exchange Bitcoin for US dollars, this extension contains malicious code that is redirecting payments to its own Bitcoin address, instead of the one intended by the user making the transaction.Read more