News

Google removes 500 malicious Chrome extensions

By admin
Spread the love

Google has removed 500 Chrome extensions from its Chrome Web Store after security researchers reported to the company that malicious parties were misusing a large number for malvertising – fraudulent acts for advertising purposes.

Researchers at Cisco’s Duo Security found multiple Chrome extensions masquerading as advertising-as-a-service applications, but used to connect to a command-and-control architecture and siphon browser data without the user’s knowledge.

The extensions were therefore able to inject malicious ads into users’ browsing sessions. That advertising was able to redirect users to pages with affiliate links, but also to pages with further malware. The extensions attempted to evade the Chrome Web Store’s fraud detection mechanisms.

After investigation, Duo Security found out that a whole network of similar extensions was active and the company was able to identify 70 of them using CRXcavator. They were installed by more than 1.7 million users, based on figures from the Chrome Web Store itself. After notifying Google of the findings, that browser maker found a total of 500 extensions that showed the same pattern as the reported extensions.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Brave sells web content as data for AI training

News

Firefox beta has support for Nvidia video upscaling technique

News

Valve releases major Team Fortress 2 update with community maps and new taunts