In 2017, a malicious Google Chrome extension being spread in phishing emails stole any data posted online by victims. The campaign highlights various security issues that browser extensions can introduce, researchers said. Once downloaded, the extensions would connect the browser clients to a command-and-control (C2) server and then exfiltrate private browsing data without the users’ knowledge, researchers said. The extension would also redirect browsers to various domains with advertising streams. While a large portion of these ad streams were actually benign (leading to ads for Macy’s, Dell or Best Buy), these legitimate ad streams were coupled with malicious ad streams that redirected users to malware and phishing landing pages.
The extensions had almost no ratings on Google’s Chrome Web Store, and the source code of the extensions is nearly identical across all of them.
After researchers first identified 71 malicious extensions and reported their findings to Google, the tech giant then identified 430 additional extensions that were also linked to the malvertising campaign, they said.
Researchers believe that the actor behind this campaign has been active since January 2019, with activity escalating between March and June. Through collaboration, we were able to take the few dozen extensions and… identify 70 matching their patterns across 1.7 million users and escalate concerns to Google.” “ discovered they were part of a network of copycat plugins sharing nearly identical functionality. “These extensions were commonly presented as offering advertising as a service,” according to Jamila Kaya, an independent security researcher, and Jacob Rickerd, with Duo Security, in a Thursday analysis. In this particular instance, bad actors were redirecting victims from legitimate online ad streams to malware-laced pages. Malvertising often is used as a vehicle for fraudulent activity, including data exfiltration, phishing or ad fraud. But researchers said that the malicious extensions they discovered are instead part of a massive malvertising campaign that also harvested browser data. The browser extensions, all of which have now been removed, were downloaded millions of times from Google’s Chrome Web Store.
Browser extensions are used for customizing web browsers, modifying user interfaces, blocking ads and managing cookies.
So I hope it will be fine in here.
Researchers say that 500 Google Chrome browser extensions were discovered secretly uploading private browsing data to attacker-controlled servers, and redirecting victims to malware-laced websites.
So I'd like to ask: if it is done by the blocker (currently uninstalled - waiting to see if it will do the alert or not), do you know how I can block force popups? And if it is not done by the blocker, is there any way I can find out what it does or how I can fix it?
Btw, I hope that there is a place for something like this, because there are really lots of StackExchanges and I didn't know where else to ask. I cannot test it because it's really random and like once per day.
I think that it is done by Popup blocker pro, which I've installed recently because I really hate force popup windows and Chrome by default cannot block them (I've set it in settings; it's not working properly). Have you ever seen something like this before? I did malware and virus scans but nothing, so I thought that it is done by some extension in Chrome. It randomly, on a random page, inputs the following commands into the console and it shows alert windows which redirect to another page. I'm having some problem with probably some extension in Google Chrome.