Almost all popular web browsers offer extensions, including Chrome, Safari, Opera, Firefox, Microsoft Edge and Internet Explorer. This means that a lot of people end up using them. The large user base makes it attractive for bad actors to package malware inside the extensions.

Another appeal of using extensions is that it’s difficult for an antivirus to spot the malware. Generally, extensions aren’t considered as applications, so they often fly under a security program’s radar. Plus, the fact that marketplace authorities don’t properly vet most extensions makes these modules safe for carrying malware.

With that in mind, let’s look at a recent case of malicious browser extensions and what you can do to detect them (before it’s too late).

Malicious Chrome extensions received over 30 million downloads

During a three-month study, researchers from Awake Security discovered 111 malicious browser extensions available to download for Google Chrome. Seventy-nine of these extensions were present on the Chrome Web Store. While most of them appeared to function normally, they were actually offering support to a massive global surveillance campaign by spying on and stealing data from users across various industry verticals.

The researchers also revealed that the extensions were downloaded almost 33 million times by Google Chrome users, with a few extensions receiving over ten million installs. Spoofed to look legitimate, the extensions carried a range of surveillance capabilities such as capturing keystrokes (like passwords), reading clipboards, taking screenshots and harvesting credential tokens present in parameters or cookies.

Based on the findings, the extensions allowed attackers to create strong footholds on enterprise networks. They had been downloaded to devices associated with healthcare, retail, oil and gas, government, financial, and many other sectors. The malicious extensions didn’t have a price tag and were packaged as add-ons to either enable users to convert files or alert them about questionable websites.

Internet domain registrar may have helped to fuel the spread

Besides the malicious extensions, Awake Security researchers discovered around 15,000 domains that were set up to store the data that the extensions gathered. All of these domains were registered via the Israeli-based internet domain provider GalComm.

While researchers say they were unable to get in touch with the registrar’s representatives, GalComm’s owner Moshe Fogel told Reuters he didn’t know about any malicious activity linked to his company. He also added that the firm cooperates with security bodies and law enforcement as much as it can to prevent such cases.

Researchers, however, determined that adversaries could exploit the advanced security processes in GalComm domains to bypass multiple layers and conduct their activities secretly. Some security mechanisms that rogue browser extensions could bypass include web proxies, cloud-based sandboxes, domain reputation engines, and endpoint security solutions. Based on these findings, Awake Security called for a better audit of domain name registrars, as cybercriminals and nation-states can exploit their platform to deliver malicious extensions, tools and websites without being caught.

Protecting yourself against malicious browser extensions

As per standard practice, Google disabled the malicious extensions in each user’s browser. Now, whoever attempts to use them will see a “malware” label alongside their name in Google Chrome’s browser extension section.