500 Chrome browser extensions stealing millions of user’s private data

Cybercriminals never stop their innovation; they want your data and will do anything to get it.

Developing a novel method to poison Google’s extension ecosystem and combining this with “social engineering” tactics that lure users into installing malware-laden Chrome extensions. 

Users were tricked into downloading an advertising-as-a-service extension for their business but what they got was … a malicious infection that made them part and parcel of a multi-faceted fraudulent, malicious malvertising (yes that’s a word), data exfiltration, redirection and phishing scam.

Google removed the 500 extensions that an independant IT person had alerted them to but this is not the first time a huge crop of malicious extensions has been discovered and removed from the Google Chrome Store for behaving badly “after” millions of people had already downloaded them.

It’s also a warning that social engineering tradecraft could become much more prevalent in browser extension fraud enticing users to download apps and extensions that are not what they say they are.

This is a good reminder that things are not always as they seem to be. Continue your process of creating a security culture and promote whenever possible an extra bit of scepticism. 

To discuss successful partnerships and how engaging Consulting IT will reduce your downtime/ expenditure/ stress while increasing awareness/ auditing and compliance of your IT Infrastructure simply contact Corey Hill (chill@consultingit.com.au) National Sales and Marketing Manager.

By | 2020-02-26T13:26:49+10:00 February 26th, 2020|Latest Articles|