87 million installations… and yet these extensions contain malware. Are you concerned?


Camille Coirault

July 07, 2023 at 10:20 a.m.


Computer Malware © KS JAY / Shutterstock

One of the big advantages of Chrome is the number of plugins available to customize how the browser works. Small problem: some seemingly harmless ones have been downloaded more than 87 million times directly from the Chrome Web Store. Except that they were not harmless.

Indeed, many of these extensions have recently been discovered to be malicious. Since users had absolute trust in the Chrome Web Store, they assumed at first glance that the extensions were legitimate. However, some of them contained code that compromised user security. The situation is problematic and highlights the need for increased monitoring by Google to ensure that its users are not exposed to online threats.

Malicious extensions in the store

This discovery comes from Wladimir Palant, founder of the eyeo company and inventor of the Adblock Plus plugin. He recently spotted a plugin called PDF Toolbox, which at first glance offered the ability to convert office documents and edit PDF files. Nothing fancy; there are plenty of extensions of the same type. With 2 million downloads and a good user rating, everything seemed to be in order. However, after digging a little, he found suspicious elements in the extension's code.

Once launched, PDF Toolbox would connect to a dubious site and download arbitrary code into every page users viewed. Code of this kind is generally designed to perform harmful actions: collecting sensitive information such as banking data, pushing the installation of fraudulent software, etc.

After further research, Palant discovered 34 other malicious plugins with different basic functions. In total, these extensions have been downloaded 87 million times. One of the most popular was Autoskip for Youtube, which was downloaded 9 million times. These extensions sat in the Store for at least 6 months before being removed.

Android malware © Suttipun/Shutterstock

The dangers of this type of extension

The first risk is that they have extensive access to user data. They can read and modify website data, steal information, insert unwanted advertisements or modify search results at will. Like any program, they receive updates, which can extend their functionality.

The second problem is that a large majority of users install extensions without considering the risks that may come with them. They give plugins permission to access their data so that they work properly. Hackers count on exactly this, so that their extensions have free rein once installed in the browser.
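One way to see which installed extensions hold this kind of site-wide access, as an added example that is not part of the original article: the script reads the text of each extension's `manifest.json` and reports where it requests access to every site. The extension names and sample manifests are constructed for illustration; the manifest keys are the standard Chrome ones.

```python
import json

# Host patterns that give an extension access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
PERMISSION_KEYS = ("permissions", "host_permissions",
                   "optional_permissions", "optional_host_permissions")

def broad_access(manifest):
    """Return {manifest key: broad host patterns requested under that key}."""
    findings = {}
    for key in PERMISSION_KEYS:
        hits = sorted(p for p in manifest.get(key, [])
                      if isinstance(p, str) and p in BROAD_HOSTS)
        if hits:
            findings[key] = hits
    # Content scripts are injected into every page matching their patterns.
    script_hits = sorted({m for cs in manifest.get("content_scripts", [])
                          for m in cs.get("matches", []) if m in BROAD_HOSTS})
    if script_hits:
        findings["content_scripts"] = script_hits
    return findings

def audit(manifests):
    """manifests maps an extension name to its manifest.json text."""
    report = []
    for name, text in manifests.items():
        found = broad_access(json.loads(text))
        if found:
            report.append((name, found))
    return sorted(report, key=lambda item: item[0])

# Constructed sample manifests (not taken from any real extension).
SAMPLES = {
    "example-pdf-tool": json.dumps({
        "manifest_version": 3, "permissions": ["storage", "tabs"],
        "host_permissions": ["<all_urls>"],
        "content_scripts": [{"matches": ["*://*/*"], "js": ["content.js"]}]}),
    "example-volume": json.dumps({
        "manifest_version": 2,
        "permissions": ["storage", "https://*/*", "http://*/*"]}),
    "example-notes": json.dumps({
        "manifest_version": 3, "permissions": ["storage"],
        "host_permissions": ["https://notes.example/*"]}),
}

if __name__ == "__main__":
    for name, found in audit(SAMPLES):
        print(f"{name}: {found}")
```

Broad host access is common among legitimate extensions too, so a hit marks an extension whose publisher and updates deserve a closer look rather than one that is malicious.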

Last, and perhaps most problematic of all, is the inability of official stores to protect users. Admittedly, control mechanisms are in place, but malicious extensions can easily slip through the cracks. For the Chrome Web Store, this safety net relies mostly on negative user feedback. When users do not notice anything really suspicious, many extensions remain undetected.

A non-exhaustive list of these extensions includes: HyperVolume, Light picture-in-picture, Front Customizer, Adblock Dragon, Zoom Plus, Craft Cursors, Brisk VPN… The complete list is available on the Kaspersky website, given as a source at the bottom of the article.

Moral of this adventure: do not place full trust in official stores. Their defense mechanisms are not yet evolved enough to win the game of cat and mouse.

Sources: Kaspersky, Palant


