[MART] - Daily Diary #585 - Chrome Extensions Installed by 1.4 Million Users

ctas-mat at appgate.com ctas-mat at appgate.com
Wed Aug 31 21:17:21 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

08/31/2022 - Diary entry #585:

This week, it was revealed that five Google Chrome malicious extensions were installed by over 1.4 million users via Chrome’s web store.

Disguised as legitimate extensions, they provide functionalities such as allowing users to watch Netflix together, website coupons, and taking screenshots of websites. Besides all those functionalities, all the extensions have malicious code that tracks the user’s browsing activity.

The extensions monitor every website visited, forwarding the requests to the threat actors with the objective of modifying the cookies on some websites that have an affiliate ID (such as e-commerce). Then, the extension authors receive affiliate payment for any items purchased.

Besides the financial gains the threat actors leverage, those extensions are a risk to privacy since every website visited is being sent to the servers and there is a chance that they could be used for other malicious purposes like distributing phishing or malware.

Similarly to mobile apps, installing browser extensions (even from the official store) requires caution. We recommend users not install any browser extension before reviewing the extension’s permissions list, number of installed users, and the comments - checking for suspicious generic comments made by bots to increase the reputation and users denouncing malicious purposes.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>

Felipe Tarijon de Almeida
Malware Analyst

E: felipe.tarijon at appgate.com<mailto:felipe.tarijon at appgate.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220831/e060d212/attachment.htm>

More information about the MART mailing list