Over 500,000 Chrome Extension Downloads Found to be Malicious

Technology > Security

Photo By Jeramey Lende via Shutterstock

Computer security service provider ICEBERG’s researchers found four malicious extensions that contain more than half a million combined downloads from Google Chrome’s Web Store.

The Washington-based company claimed that the widely known secure browser contains more than 500,000 malicious extension downloads, which caused Google to also remove said extensions.

The researchers shared that they have detected a suspicious traffic increase in the outbound network coming from a customer workstation. After this discovery, they realized that the spike was generated by the Google Chrome extension named HTTP Request Header. This very same extension uses an infected machine in order to secretly visit web links that are related to advertising. The ICEBERG team also found three more extensions - Lite Bookmarks, Stickies, and Nyoogle. These three extensions also do the same thing as HTTP Request Header.

The security firm researchers suspect that the chrome extensions were a part of a scam that gathers revenue through a per-click reward system. However, the researchers warned that said add-ons may also be used to spy on organizations and people who have installed it on their computers.

In a report, the ICEBERG researchers wrote, “In the hands of a sophisticated threat actor, the same tool and technique could have enabled a beachhead into target networks.” They added that because of the inherent trust established on said Google extensions, it paved way for the success of a large-scale fraud campaign.