Busted: Huge malware operation targeted Google Chrome extensions

02:15, 15 February 2020. Source: bgr.com


While she was performing some routine tasks one day that relate to her job of constantly hunting for digital threats online, security researcher Jamila Kaya stumbled across the first in a series of malicious Google Chrome extensions that would spark a two-month investigation and lead to the removal of more than 500 extensions by Google from its web store. Unfortunately, more than 1.7 million Chrome users had already installed that first batch of extensions she found, which gave some urgency to this investigation — the results of which have been unveiled in a newly published report into what turned out to be a huge malware operation active for at least two years.


After her initial discovery, Kaya reached out to the Duo security team at Cisco, according to the report. She contacted them about a variety of Chrome extensions she found that infected browsers and would “exfiltrate data as part of a larger campaign.”

“These extensions were commonly presented as offering advertising as a service,” the report notes. “Jamila discovered they were part of a network of copycat plugins sharing nearly identical functionality. Through collaboration, we were able to take the few dozen extensions and utilize CRXcavator.io to identify 70 matching their patterns across 1.7 million users and escalate concerns to Google.”

The Duo team goes on to explain that bad actors are increasingly using legitimate internet activity to obscure their malicious actions, one of the most popular channels being the use of advertising cookies and the redirects within them. It’s a technique called “malvertising” that is surprisingly hard to detect. “Malvertising often occurs within other programs, acting as a vehicle for multiple forms of fraudulent activity, including ad-fraud, data exfiltration, phishing, and monitoring and exploitation,” the report continues. “Alternatively, it also emerges in multipart malicious campaigns that involve advertising collection and defraudment.”


The code within these malicious extensions would sometimes redirect users to an affiliate link on sites like Best Buy’s or Macy’s. Other times, the destination might be a download site for malware. The researchers said Google was responsive when they escalated the matter to the company, and a Google spokesman said that it always takes action when the research community alerts it to issues that violate the company’s policies. Moreover, Google said it performs “regular sweeps to find extensions” similar to these that use comparable techniques, code, and behaviors.
