Popular Chrome extensions hijacked by hackers in widespread cyberattack — 3.2 million at risk – Tom’s Guide

Legitimate browser extensions were turned bad through malicious updates
Just like you should with the apps on your phone, you also want to periodically go through your browser extensions and check to see which ones you have installed and what permissions you’ve given them access to. The reason for this is that you could have a malicious extension (or even several) installed in your web browser and not even know it.

As reported by Notebookcheck, a number of popular extensions that enable things like dark mode and adblocking in Google’s browser have been hijacked by hackers, putting 3.2 million Chrome users at risk.

Although a malicious extension might not sound as dangerous as a malicious app on your phone, we store all sorts of personal and sensitive data in our browsers. From our browsing history and cookies to passwords and even payment information, all of this data can be stolen and used against us by hackers in their attacks.

Here’s everything you need to know about this latest batch of malicious extensions along with some tips and tricks on how you can protect your devices and your data.

As is often the case with campaigns like this one, all of the malicious extensions in question are utilities designed to improve your browsing experience. From add-ons for YouTube to emoji keyboards and adblockers, each one of these extensions likely seemed useful enough that the Chrome users who installed them didn’t think twice before doing so.

One thing that did stand out to the security researchers at GitLab Threat Intelligence that discovered these malicious extensions though is the permissions they requested access to. For instance, all of these extensions use permissions that allow them to interact with any website a user visits but they also let them inject and execute code on web pages.

While all of the extensions listed below have since been removed from the Chrome Web Store, you will still need to manually delete them if they’re currently installed in your browser:

Normally with malicious extensions or apps, they’re made from the ground up with the sole purpose of stealing data and their advertised functionality is an afterthought or just tacked on so that they can be listed in an official store. With the extensions above though, this wasn’t the case at all.

Instead, these were actual, legitimate extensions that went bad as a result of having malicious updates injected into them. The way in which the hackers gained control over these extensions is also a bit different.

While some of their developers fell victim to phishing attacks which led to their extensions being outright hijacked, others willingly transferred control of their extensions over to the hackers behind this campaign.

So what was the purpose behind gaining control of these extensions in the first place? Well, some were used to inject harmful scripts into the browsers of unsuspecting users, others stole their data and some engaged in search engine fraud to drive clicks (and ad revenue) to hacker-controlled sites.

If you have any of these extensions installed in Chrome, you should remove them immediately and use one of the best antivirus software solutions to scan your computer for signs of malware or other viruses.

In a similar way to how plug-ins can enhance your favorite software, browser extensions can make using the web more convenient while also giving you the ability to customize certain aspects of your favorite sites.

The problem though is that few browser extensions are as big or as popular as the apps on your smartphone. In fact, many extensions are made by solo developers or smaller companies which can make it more difficult to tell whether or not they are legitimate. This is why you want to carefully examine all of the permissions an extension requests access to before installing it and especially before granting access to them.

Unnecessary permissions can be found in loads of extensions and apps which is why you need to ask yourself if this particular extension or software really needs access to them in the first place. The permissions an extension requests can also serve as a major red flag and help you decide whether or not it’s malicious.

Reading reviews and looking at ratings can help weed out the bad ones but you also want to take both of these with a grain of salt since they can be faked. It may be difficult to find but it’s always a good idea to look for an external review — or better yet a video review — on an extension you want to install first before you add it to your browser.

As I covered in the campaign described above, even good extensions can go bad which is why you should periodically audit which extensions you have installed in your browser. If you haven’t used a particular extension in some time, it’s better to remove it from your browser than to keep it installed. Likewise, by limiting the number of extensions you have installed, you can lower your chances of having a malicious one in your browser significantly.

Whether it’s extensions or apps, hackers and other cybercriminals aren’t going to stop spreading malicious software anytime soon. This is why it’s up to you to practice good cyber hygiene, limit how many you have installed and think carefully when granting a particular extension or app access to the permissions it requests upon installation.

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.
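The permission combination the researchers flagged above (access to every website plus the ability to inject and execute code) can be read straight from an extension's manifest.json. The script below is an added example, not code from the article or from GitLab Threat Intelligence; the function names are illustrative, the sample manifests are constructed, and the Extensions folder path is something you supply for your own Chrome profile.

```python
import json
from pathlib import Path

# Match patterns that cover every site the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Report whether a manifest.json asks for all-site access and code injection."""
    version = manifest.get("manifest_version", 2)
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # Manifest V3 lists host access separately; V2 mixes it into "permissions".
    hosts = (perms | set(manifest.get("host_permissions", []))) & BROAD
    # Content scripts matched to every site are injected without any further call.
    scripts = {m for cs in manifest.get("content_scripts", [])
               for m in cs.get("matches", []) if m in BROAD}
    # V3 needs "scripting" to inject programmatically; V2 needs only host access.
    can_inject = bool(scripts) or (bool(hosts) and (version == 2 or "scripting" in perms))
    return {"name": manifest.get("name", "?"),
            "all_sites": bool(hosts or scripts),
            "can_inject": can_inject,
            "evidence": sorted(hosts | scripts)}

def flagged(manifests):
    """Names of extensions that combine both capabilities."""
    reports = [audit_manifest(m) for m in manifests]
    return [r["name"] for r in reports if r["all_sites"] and r["can_inject"]]

def load_installed(extensions_dir):
    """Read manifests from a Chrome profile's Extensions/<id>/<version>/ folders."""
    paths = Path(extensions_dir).glob("*/*/manifest.json")
    return [json.loads(p.read_text(encoding="utf-8-sig")) for p in paths]

# Constructed sample manifests (not taken from any real extension).
SAMPLES = [
    {"manifest_version": 3, "name": "Sample Dark Mode",
     "permissions": ["storage", "scripting"], "host_permissions": ["<all_urls>"]},
    {"manifest_version": 3, "name": "Sample Video Helper",
     "permissions": ["storage"], "host_permissions": ["https://www.youtube.com/*"]},
    {"manifest_version": 2, "name": "Sample Emoji Keyboard",
     "permissions": ["tabs", "*://*/*"]},
    {"manifest_version": 3, "name": "Sample Ad Filter", "permissions": ["storage"],
     "content_scripts": [{"matches": ["<all_urls>"], "js": ["filter.js"]}]},
]

if __name__ == "__main__":
    for report in map(audit_manifest, SAMPLES):
        print(report)
    print("review first:", flagged(SAMPLES))
```

A flag here means the extension holds the capability, not that it is malicious: dark-mode tools and adblockers need it to work, which is why those are the installs to re-check after every update or change of ownership.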