Be careful with Chrome extensions

Extensions bring practical extras to the web browser, but users need to be careful when installing.

According to a recent report by cybersecurity news site ThreatPost, they discovered 106 malicious extensions and asked Google to remove them from the Chrome Web Store extension market. These extensions have a total of 32 million downloads.

They are hidden under the 'cover' of malicious web detectors, or file format converters. These are the extensions that users need very much so they will be installed immediately without much thought. Hence, it is a very perfect 'cover'.

Be careful with Chrome extensions Picture 1Be careful with Chrome extensions Picture 1

As a result, these malicious extensions have set up backdoors in 100 different organizations and businesses. Among these are financial institutions, medical institutions, and even government institutions.

Since the source code of these malicious extensions is so similar, cybersecurity researchers assume they were all released by a group of hackers. They are believed to be part of a global surveillance campaign to put backdoors in organizations and businesses around the world.

Extensions are more and more dangerous

Google has worked hard to prevent malicious extensions on its Chrome Web Store from attacking users. Google's security checker is really a huge 'shield' against malicious extensions. If passed, however, malicious extensions will have a chance to spread widely and widely, as the number of users who trust Chrome Web Store is huge. As a result, new malicious extensions are also increasingly crafty.

Often times, a malicious extension redirects the user to a hacker site to download the infected file. However, if you link directly to this website, Google will immediately detect it. To avoid this, the hackers add a portal site to check where the connection is coming from.

If the connection did not come from a company or Internet service provider, it would be considered a security checker system, such as Google. From there, the website 'gatekeeper' will display a harmless webpage to fool the virus checker into finding the website is safe.

If the connection comes from a company or Internet service provider, which means that someone visits, the site will redirect the user to its real website, with a malicious link.

Therefore, when hackers upload malicious extensions to the Chrome Web Store marketplace, Google's virus checker will be tricked into a fake website to determine if the extension is safe. However, when you install it, the user visits a real website that contains malware.

Larger scale

Previously, most malicious Chrome extensions were aimed at just one computer. It can install a keystroke tool or monitor a user's web browser usage. The effect range is also only on the computer a user is using.

However, a new wave of malicious Chrome extensions will change this. New malicious Chrome extensions will set up backdoors on victim computers.

From that backdoor, hackers can infiltrate deeper into an organization's or enterprise's network. If they can bypass the defense systems of an organization's computer network, hackers will be able to steal data on other computers and data systems in the organization's computer networks.

Hence, this is an improvement of malicious Chrome extensions that cybersecurity has never seen. Currently, a user on a mainframe network can adversely affect others by carelessly installing a malicious extension.

How to check for malicious extensions

If users want to know if malicious extensions are installed, they can check with the following steps:

- Open Chrome web browser, then type 'chrome: // extensions /' in the address bar.

- Click the 'Details' button of the extension to check, then copy its ID.

- Open link here, press Ctrl + F, then paste the extension ID to see if it is in the list of malicious extensions. If so, the user should proceed to delete it.

How to avoid encountering new malicious extensions

Before installing an extension, users often opt for extensions with high downloads because they think they are reliable. However, this number is no longer properly evaluated as in the above case.

Therefore, users who need to change their choice should believe in extensions that have been around for a long time. When an extension has been around for many years, receiving many positive suggestions and reviews, users can rest assured that it does not carry a malicious risk.

4 ★ | 1 Vote