- More than 3.2 million users have been affected by Chrome extensions infected with malware.
- Attackers have used phishing techniques to access developer accounts and distribute malicious code.
- The compromised extensions have been removed from the Chrome store, but remain active on users' devices.
- It is recommended to review and uninstall suspicious extensions and minimize the permissions granted to each application.
Millions of Google Chrome users have been exposed to a serious security threat after it was discovered that at least 16 popular extensions have been compromised with malware. It is estimated that more than 3.2 million people have been affected, without even suspecting it, due to a sophisticated attack carried out by cybercriminals.
This problem did not originate with fake or unknown extensions, but with legitimate tools that users downloaded trusting that they were safe. Attackers managed to compromise these applications by acquiring developer accounts or using phishing tactics to gain access to the extension update infrastructure.
How did attackers manage to infect these extensions?
The strategy used by cybercriminals has been extremely effective. Instead of creating new fraudulent extensions, they have opted to compromise already established applications, which had thousands of active users and had broad access to browser information.
To accomplish this, the attackers gained access to legitimate developers' accounts, either by purchasing their credentials or by tricking them with fake support requests. Once inside, they began distributing malicious updates which included code capable of spying on user activity, modifying web traffic and even inserting unwanted advertising.
List of affected extensions
The following extensions have been identified as vulnerable and used to spread malware:
- Blipshot
- Emojis – Emoji Keyboard
- WAToolkit
- Color Changer for YouTube
- Video Effects for YouTube and Audio Enhancer
- Themes for Chrome and YouTube™ Picture in Picture
- Mike Adblock for Chrome | Chrome Werbeblocker
- Page Refresh
- Wistia Video Downloader
- Super Dark Mode
- Emoji Keyboard Emojis for Chrome
- Adblocker for Chrome – NoAds
- Adblock for You
- Adblock for Chrome
- Nimble Capture
- KProxy
What are the risks for users?
The danger of these infected extensions lies in the permissions that users have granted when installing them. Many of them require full access to the content of all visited web pages, allowing attackers to modify sites, steal credentials and personal data, or redirect to fraudulent pages.
Furthermore, some of these extensions have been used to inject unwanted ads into web pages, generating revenue for attackers at the expense of users' browsing experience. In the worst cases, they have even allowed the victim's browser to be used for criminal activities without their knowledge.
How to protect yourself from these types of threats
Although Google has already removed these extensions from its official store, those that were already installed in users' browsers are still active and can continue to execute their malicious functions. To mitigate any risk, it is recommended to take the following actions:
- Check and remove suspicious extensions: Go to chrome://extensions and review all installed extensions. If you find any of the affected extensions listed, remove them immediately.
- Control extension permissions: If an extension requires access to all websites and is not essential, uninstall it.
- Avoid downloading extensions without verifying their origin: Before installing any tool, check its developer and consult forums or news to verify its legitimacy.
- Keep your browser updated: Google frequently patches vulnerabilities in Chrome, so it's essential to have the latest version.
- Use antivirus tools: Reliable security software can help detect and remove any malicious files on your device.
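The first two checks above can be scripted across a whole profile. The following is an added example, not code from the article or from Google: it reads each installed extension's manifest.json, compares the display name with the article's list, and flags all-sites host access. It assumes a Chrome profile's Extensions directory (the usual Linux path is the default), and name matching is only a heuristic because the article gives no extension IDs.

```python
import json, sys
from pathlib import Path

# Names as listed in the article. It gives no extension IDs, so this matches
# on display name only and a hit still needs manual confirmation.
AFFECTED = {n.casefold() for n in (
    "Blipshot", "Emojis – Emoji Keyboard", "WAToolkit", "Color Changer for YouTube",
    "Video Effects for YouTube and Audio Enhancer", "Page Refresh",
    "Themes for Chrome and YouTube™ Picture in Picture", "Super Dark Mode",
    "Mike Adblock for Chrome | Chrome Werbeblocker", "Wistia Video Downloader",
    "Emoji Keyboard Emojis for Chrome", "Adblocker for Chrome – NoAds",
    "Adblock for You", "Adblock for Chrome", "Nimble Capture", "KProxy")}
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}  # "all sites" patterns

def display_name(m, ext_dir):
    """Resolve a localized name (__MSG_key__) through _locales/<default_locale>."""
    name = m.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        loc = ext_dir / "_locales" / m.get("default_locale", "en") / "messages.json"
        try:
            msgs = json.loads(loc.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            return name
        key = name[6:-2].casefold()  # message keys are case-insensitive
        name = next((v["message"] for k, v in msgs.items() if k.casefold() == key
                     and isinstance(v, dict) and "message" in v), name)
    return name

def audit(extensions_dir):
    """Return (id, name, on_article_list, all_sites_access) per installed version."""
    rows = []
    for mf in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            m = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        # MV2 keeps host patterns in "permissions", MV3 in "host_permissions".
        pats = m.get("permissions", []) + m.get("host_permissions", [])
        for cs in m.get("content_scripts", []):
            pats += cs.get("matches", [])
        broad = any(isinstance(p, str) and p in BROAD for p in pats)
        name = display_name(m, mf.parent)
        rows.append((mf.parents[1].name, name, name.casefold() in AFFECTED, broad))
    return rows

if __name__ == "__main__":
    # Pass the profile's Extensions directory; the default is the usual Linux path.
    default = Path.home() / ".config/google-chrome/Default/Extensions"
    for ext_id, name, listed, broad in audit(sys.argv[1] if sys.argv[1:] else default):
        print("LISTED" if listed else "all-sites" if broad else "ok", ext_id, name)
```

An extension reported as all-sites but not on the list is not necessarily malicious; it is the candidate for the "not essential, uninstall it" decision above.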
This incident highlights the risks associated with installing extensions in web browsers. While they offer useful functionality, they can also become attack vectors for cybercriminals. The best strategy is to limit the number of extensions installed and periodically review their activity to avoid unpleasant surprises.