Google has removed more than 500 malicious extensions fom Chrome Web Store. The step has been taken after research conducted by security researcher Jamila Kaya revealed that the malicious extensions were injecting malicious ads at the time of the user’s browsing sessions. Users were redirected to specific sites via the malicious ads injected by the extensions.
In some cases, the result page turned out to be a legitimate one like Dell, BestBuy or Macys. In most of the cases, the result page was a malicious one like a phishing page or a malware download site. A report by Duo Security says that the removed extensions were a part of a malware operation running for the last two years. It has been claimed that the group behind the infected Chrome Extensions is running malicious activities since 2010.
Initially, the researchers found around 71 malicious extensions in Google Chrome having more than 1.7 million downloads. Next, extensive research identified that more than 430 other extensions are also malicious.
The malvertising operation had an objective to steal users’ private data without any knowledge. The extensions took the users to hardcoded control servers to access sensitive information like advertisement feed and domains for future malvertising, locations to upload data.
You can check out the list of banned Google Chrome extensions here.
As per the interview conducted for the research, users didn’t give much attention to aggressive ads and redirects deployed by the extensions in question. This speaks volumes about the state of internet we’ve today.
Duo’s report contains the names of all extensions that were part of malicious activities. As per the latest update, Google has removed the extensions from the official web store. It has also deactivated the extensions in the user’s browser. Additionally, the company has marked the extensions as malicious in Chrome so that the users avoid reactivating them.