Four malicious extensions in the Chrome Web Store have already been downloaded over 545,000 times

It is undeniable that browser add-ons significantly simplify your life: and this allows for faster translation of content, and this is followed by punctuation of typed text, and this blocks ads and malicious scripts. However, it often happens that the official repositories with extensions receive programs that harm more than they help.

Experts from ICBRG found in the Google Web Store four malicious plugins, allegedly extending the functionality of our browsers:

  • Nyoogle - Custom Logo for Google ( still available in the Chrome Web Store)
  • Change HTTP Request Header
  • Lite Bookmarks
  • Stickies - Chrome's Post-it Notes


If we sum up the downloads, it turns out that we have over 545,000 infected user systems who have been exposed (without their knowledge) to injecting and executing JavaScript code in the browser. Here are examples of JavaScript code usage scenarios:

  • injecting advertisements into websites;
  • injecting frames with downloading of malicious software;
  • spying the victim for viewed websites;
  • access to websites on the local network;

The analysis presented by ICBRG shows that the authors (or the author) of these extensions used them mainly to inject advertisements, on which they earned for each click.

The practice of using advertisements in mobile applications or browser extensions is often encountered by security researchers. Not so long ago , Skype has redirected ads to pages with malicious content. In turn , applications displaying pornographic materials were found on Google Play , and a banking Trojan was found in YouTube ads .

Either way, you can protect yourself against such "secure" applications and extensions. Software from well-known manufacturers already contains modules to protect against malicious plugins. It's a good idea to look through all the components of your security program and find functionalities that indicate protection against unwanted search bars or other burdensome browser add-ons.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.