Google Chrome is undoubtedly the most used browser in the world today. Users love it simply for the fact that it is portable in different operating systems. Moreover, it allows users to customize their experience through various themes and Chrome extensions.
However, researchers have recently uncovered a shocking truth about these extensions. As a result, millions of Chrome users are left in a state of panic. More than 500 browser extensions have been downloading private browsing data and uploading them to attacker-controlled servers.
An independent researcher, Jamila Kaya, found out about ad-fraud schemes and malvertising in the Chrome Web Store extensions. On further research with the Cisco-owned Duo security team, they found issues in 71 different extensions that had over 1.7 million installations. After the researchers reported this privately, Google discovered 430 more extensions that breached users’ private data! So, they immediately removed all the suspicious extensions from their web store.
Sketchy domains, ad-fraud, and malvertising
These shady extensions seemed to be tools for promotion and advertisement. But once the users installed them, the extensions engaged in ad-fraud and malvertising by rifling through various sketchy domains. Each of these plugins first connected to a domain of the same name as the plugin itself (for example, Mapstrek[.]com or ArcadeYum[.]com), to check for information whether to uninstall themselves.
It wasn’t the end. The plugins then redirected the browser to a handful of hard-coded control servers. The servers dictated what was to be done. At this point, the browsers end up uploading private user data and plugin configurations. Thereafter, they still redirected the browser onto other suspicious websites.
Also, the research team observed that the redirections themselves weren’t harmful. It went on to become fraudulent considering the number of redirections. In some cases, the browser redirected up to 30 times! They also discovered that each extension had different functionalities. However, they did share the same source code.
Further, the security firm said in a report that the extensions were made with their actual intentions hidden. As a result, it could evade the Chrome Web Store’s fraud detection mechanism and fool users into installing them.
Be cautious of the extensions you install
Ever since this news came into light, Google has disabled the extensions. They marked them as malware so the users cannot access or install them at this point. However, it is always better to be safe than sorry.
Here’s a list of the compromised extensions in Chrome Web Store:
- PackageTrak Promos
- ProMediaConverter Promotions
- EasyToolOnline Promos
- CrushArcade Ads
- GreatArcadeHits Ads
- ArcadeFrontier Ads
- MapsFrontier Advertising
- SuperSimpleTools Promos
- Advertisements by ArcadeYum
- PackTrackPlus Promos
- EasyToolOnline Promos
- PlayPopGames Ads
- QuickNewsPlus Promos
- GameZooks Advertisements
- PackTrackPlus Promotions
- PackTrackPlus Promotions
- MapsFrontier Advertisement Offers
- ExpressDirections Promos
- MapsTrek Promos
- ClassifiedsNearMe Promos
- MapsTrek Promos
- ClassifiedsNearMe Promos
- ExpressDirections Promos
- MapsTrek Offers
- MapsVoyage Promotions
- FreeWeatherApp Promotions
- EarthViewDirections Promotions
- MapsFrontier Advertisements
- ArcadeCookie Offers
- RecipeAlly Promos
- MapsTrek Promotions
- Offers by MapsFrontier
- GamesChill Ads
- PackTrackPlus Promotions
- MapsVoyage Ads
- Advertising by MapsFrontier
- PlayZiz Advertisements
- Advertising Offers by MapsVoyage
- MapsFrontier Advertising Offers
- FreeWeatherApp Promos
- FreeWeatherApp Advertisement Offers
- ExpressDirections Ads
- YoYoQuiz Promotions
- MapsVoyage Advertising
- MapsPilot Ad Offers
- GoFreeRadio Promos
- Advertising Offers by FreeWeatherApp
- Advertisement Offers by QuizKicks
- Ads by MapsVoyage
- JumboQuiz Advertising
- MapsScout Advertising Offers
- DeluxeQuiz Advertising
- SuperSimpleTools Promos
- Advertising by MapsPilot
- Advertisements by MapsScout
- PackageTrak Promos
- Ad offers by Froovr
- PackageTrak Promos
- GameDaddio Marketing
- DearQuiz Advertising
- Offers by MapsScout
- YoYoQuiz Advertisements
- Advertisement Offers by GameDaddio
- QuizFlavor Advertising
- Advertisements by QuizDiamond
- QuizPremium Advertisements
- CouponRockstar Offers
- MapsFrontier Promos
- Advertising Offers by MapsPilot
- PlayThunder Offers
- LoveTestPro Ad Offers
COMMENT: What do you think about these malicious extensions? Also, stay safe while browsing the web!