Chrome Browser Extensions could be Malware Tainted

Security researchers recently found malicious software concealed inside 4 separate extensions used in the case of Google's Chrome Web-browser. Together, the Chrome browser extensions got pulled down and loaded within over one-half million instances, in particular, onto prominent organizations' computers across the world. The aggregate installs had the possibility of providing cyber-crooks a network of bots even as they were possibly utilized for SEO (search engine optimization) and click fraud operations.

Boffins from ICEBRG a network analytics company discovered the malware tainted extensions when he noticed a surprising hike within outbound traffic from the network originating from a client's workstation. After doing an analysis of the suspicious hike, it was discovered that the traffic's source was certain Chrome extension which was named HTTP Request, even as this traffic was surreptitiously channeled to web-links having ads appended.

The extensions consisted of names such as Change HTTP Request Header that legitimately conceals browser type so that the extension can't be tracked, as well as 3 others seemingly associated with it: Stickies -the Post-it Notes of Chrome; Lite Bookmarks; and Nyoogle -Google's Chrome Logo.

Evidently, there wasn't any malware inside Change HTTP Request Header. Instead it pulled down one JSON blob that was on the 'change-request[.]info' site, with the blob thrusting the latest configuration through an update. Thereafter, a blurred JavaScript was obtained via the regulatory website. Theregister.co.uk posted this, January 17, 2018.

Following the above, the researchers detected 3 more extensions that were carrying out the same task: Nyoogle, Lite Bookmarks, and Stickies. It was then inferred that certain click fraud campaign was using the extensions.

The problem of Chrome facing malware tainted extensions is neither new nor fading out anytime soon. The 3 other associated extensions employed likewise methods for inserting harmful JavaScript, so believe analysts at ICEBRG. The Stickies application does something more i.e. blur its capability for recovering external JavaScript to inject through modification of its jQuery Library. The mentioned three extensions Google has eliminated from Chrome's repository.

Hence, extra caution is necessary while adding extensions inside Chrome, ensuring they're from genuine places while their requirements for the user are real enough.

» SPAMfighter News - 1/24/2018