Security researchers from US cyber-security firm ICEBRG have unearthed four Chrome extensions which were being deployed as a payload for malicious code. The worst part is that all of the extensions were available on the Google’s Chrome Web store. As per the researchers, the Chrome extensions were designed in such a way that it could send malicious codes to users browsers via JavaScript code and in turn, the attackers will eventually load a site at the background and start clicking on ads.
Security researchers from US cyber-security firm ICEBRG have unearthed four Chrome extensions which were being deployed as a payload for malicious code. The worst part is that all of the extensions were available on the Google’s Chrome Web store. As per the researchers, the Chrome extensions were designed in such a way that it could send malicious codes to users browsers via JavaScript code and in turn, the attackers will eventually load a site at the background and start clicking on ads.
Nyoogle, Lite Bookmarks, Stickies, Change HTTP Request Header rogue extensions
The affected rogue extension list includes Change HTTP Request Header, Nyoogle-Custom Logo for Google, Lite Bookmarks and Stickies- Chrome’s Post-it Notes.
The total number of users who were actively using the extension is pegged at more than 500,000 and the ICEBRG security firm has already noted this and informed the National Cyber Security Centre of the Netherlands (NCSC-NL), Google Safe Browsing Operations Team and the United States Computer Emergency Readiness Team (US-CERT.)
At this point, all the four extensions are removed from the Chrome Web Store with Nyoogle being the last. That being said just because Google has removed the extension from the web store doesn’t mean that the extension ceases to exist. If you had downloaded any of the above-mentioned Chrome browser extensions simply uninstall and clean their systems. At this juncture, it is still unclear if the same group was behind all the rogue extensions. However, ICEBRG has said that the four extensions employed similar techniques and procedures.
This entire incident also highlights the problem of maintaining workstation hygiene. In this case, the trust factor was high since the extension was available on the official Google Chrome web store. Thankfully the attacker is not using the code for anything other than the fake ad clicking scam. However, it is very much possible for attackers to use this technique and bring down an entire network or organization.
Read the full details at the source.