Enlarge (credit: ICEBRG) Researchers have uncovered four malicious extensions with more than 500,000 combined downloads from the Google Chrome Web Store, a finding that highlights a key weakness in what’s widely considered to be the Internet’s most secure browser. Google has since removed the extensions. Researchers from security firm ICEBRG stumbled on the find after detecting a suspicious spike in outbound network traffic coming from a customer workstation. They soon discovered it was generated by a Chrome extension called HTTP Request Header as it used the infected machine to surreptitiously visit advertising-related Web links. The researchers later discovered three other Chrome extensions—Nyoogle, Stickies, and Lite Bookmarks—that did much the same thing. ICEBRG suspects the extensions were part of a click-fraud scam that generated revenue from per-click rewards. But the researchers warned that the malicious add-ons could just as easily have been used to spy on the people or organizations who installed them. “In this case, the inherent trust of third-party Google extensions, and accepted risk of user control over these extensions, allowed an expansive fraud campaign to succeed,” ICEBRG researchers wrote in a report published Friday. “In the hands of a sophisticated threat actor, the same tool and technique could have enabled a beachhead into target networks.” Read 3 remaining paragraphs | Comments Source: https://arstechnica.com/?p=1245379 Tags: > Tech and Science | #ScienceTech, #pch3lp, #TechNews, Malware Alert | #Malware, news, pch3lp, PCH3lp, TechNews
Original Post: https://droolindog.net/2018/01/16/google-chrome-extensions-with-500000-downloads-found-to-be-malicious/
Original Post: https://droolindog.net/2018/01/16/google-chrome-extensions-with-500000-downloads-found-to-be-malicious/
No comments:
Post a Comment