Four malicious extensions in the Chrome Web Store have already been downloaded over 545,000 times
It is undeniable that browser add-ons significantly simplify your life: and this allows for faster translation of content, and this is followed by punctuation of typed text, and this blocks ads and malicious scripts. However, it often happens that the official repositories with extensions receive programs that harm more than they help.
Experts from ICBRG found in the Google Web Store four malicious plugins, allegedly extending the functionality of our browsers:
- Nyoogle - Custom Logo for Google ( still available in the Chrome Web Store)
- Change HTTP Request Header
- Lite Bookmarks
- Stickies - Chrome's Post-it Notes
- injecting advertisements into websites;
- injecting frames with downloading of malicious software;
- spying the victim for viewed websites;
- access to websites on the local network;
The analysis presented by ICBRG shows that the authors (or the author) of these extensions used them mainly to inject advertisements, on which they earned for each click.
The practice of using advertisements in mobile applications or browser extensions is often encountered by security researchers. Not so long ago , Skype has redirected ads to pages with malicious content. In turn , applications displaying pornographic materials were found on Google Play , and a banking Trojan was found in YouTube ads .
Either way, you can protect yourself against such "secure" applications and extensions. Software from well-known manufacturers already contains modules to protect against malicious plugins. It's a good idea to look through all the components of your security program and find functionalities that indicate protection against unwanted search bars or other burdensome browser add-ons.
Learn more about our offer
We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.