Months ago, Google published a blog post informing users of Google Chrome that they cannot install browser extensions from third parties. The reason being Security. By only permitting extensions from official Chrome Web Store, Google claims they would be able to police these extensions in order to prevent malicious ones.
Unfortunately, such tactics aren’t enough to deter cybercriminals. There are still many malware that manages to bypass Google’s security and can inject malicious browser extension. It is also found that cybercriminals also managed to place their malicious extensions in the official Web Store.
Google has made it compulsory for Apps and Extensions getting installed on Chrome to also be available in the Chrome Web Store as a security prerequisite. This means that you can download them just fine from various sites, but they’ll work only if they’re also in the Store. Google claims that this is a method for it to police the whole process and keep out malicious Apps and Extension.
Things are far from perfect for both Google and user, however. TrendMicro reports that yet another malicious browser Extension has made its way in the Web Store and it’s not a singular event.
It seems that it all starts on Facebook, where a click-bait post tries to get your attention to a video related to drunk girls. Once the link is clicked, the individual is redirected to a site that replicates YouTube, but where the video doesn’t actually work.
In order to get the video to work, you’re prompted to install a Chrome extension, which would obviously be unnecessary if you were on the actual YouTube site.
Clicking on the notification that pops up will take you to the Chrome Web Store and invites you to download the malicious extension. After the installation, the user is transported to the actual YouTube page where they can watch the much-desired video.
The extension then makes Facebook posts and comments in your place, but it can also send messages and links via the Facebook chat. This helps with the spreading of the extension.
TrendMicro reports that the author of the extension has hired a virtual private server over in Russia where he registered several domains. The majority of the users who accessed the dangerous sites were from Brazil, but there were also people from the UK, the United States and Argentina.
This isn’t the first malicious extension that has made it past Google’s watchdogs, and it’s not alone in the store. Extensions with suspicious activity as well as downright malicious ones have been discovered in Google Chrome’s Web Store, posing risks such as code injection in web pages, browsing monitoring or information stealing. Studying a number of 48,332 Chrome extensions using a specially designed tool called Hulk, security researchers discovered 130 of them to sport malicious activity and 4,172 behaving suspiciously; most of them were spotted in Chrome Web Store.Most of those that appear to be malicious have only been in the Store for a short time period. Unfortunately, however, they’re getting a lot of downloads, with a few thousands each.
If Google really wants to make Chrome safe and deny people the option of installing absolutely any extension they want from third parties, they should at least pump up the security and test everything.
