Google removes 32 malicious Chrome extensions with 75 million installs from the Web Store

[midian182]

In brief: It's not just the Play Store where Google has to deal with malicious software sneaking past its safeguards. The company has just removed 32 malicious extensions from the Chrome Web Store that appear to have been installed a combined 75 million times.

As is often the way in these cases, the extensions were able to hide their hidden code from users by performing their intended functions, reports BleepingComputer.

Cybersecurity researcher Wladimir Palant previously wrote that he had discovered obfuscated code in the PDF Toolbox extension for Google Chrome, which had a Chrome Web Store rating of 4.2 and more than 2 million users.

Palant wrote that the code allows the "serasearchtop[.]com" website to inject arbitrary JavaScript code into all websites that users of the extension visit. He explained the code was designed to activate 24 hours after the extension was installed, with its likely intention being the injection of ads.

A couple of weeks after discovering the code in the PDF Toolbox extension, Palant wrote in a follow-up article that he had found 18 malicious browser extensions using similar code. They had a combined user count of 55 million and included Autoskip for YouTube (9 million active users), Soundboost (6.9 million), and Crystal Ad block (6.8 million).

'

Avast reported the extensions to Google after it confirmed they contained malicious code. The cybersecurity giant discovered other similar extensions, taking the total to 32 and the number of installs to 75 million.

Avast did add the caveat that while that number is alarmingly high, the install counts may have been artificially inflated. It basis this theory on the suspiciously low number of reviews on the Chrome Web Store and the fact that the number of people who encountered the malicious activity didn't align with the number of installs.

Avast confirmed that the extensions' final payload appears to be adware that spams people with unwanted ads, along with a search results hijacker that displays sponsored links, paid search results, and potentially malicious links. Google said that the reported extensions have now been removed from the Chrome Store. Anyone who still has the extensions installed should deactivate or uninstall them.

Permalink to story.

https://www.techspot.com/news/98941-google-removes-32-malicious-chrome-extensions-75-million.html

 

[Blqckout]

Id rather get spied on than have some of these removed lol
you can just force the creator to update said code instead of deleting
I mean everyone spies on us nowadays, whats one extention gonna change?

 

[MasterMace]

Id rather get spied on than have some of these removed lol
you can just force the creator to update said code instead of deleting
I mean everyone spies on us nowadays, whats one extention gonna change?

Sounds like a paid comment from the spying company, who is also the same company that makes the browser, and pays the people sending you ads, which are the people who wrote the malicious code.

TLDR: stop using Chrome.

 

[Blqckout]

Sounds like a paid comment from the spying company, who is also the same company that makes the browser, and pays the people sending you ads, which are the people who wrote the malicious code.

TLDR: stop using Chrome.

ive been using opera gx and never even used chrome lol
I just couldnt care less abot what they do, go ahead and stand up for our rights if you want, itd be great even, I just dont care enough to change it

 

[MasterMace]

ive been using opera gx and never even used chrome lol
I just couldnt care less abot what they do, go ahead and stand up for our rights if you want, itd be great even, I just dont care enough to change it

My apologies, a Chromium browser that still uses the Chrome Web Store.

 

[tipstir]

I had to delete one of my older gmail accounts because of what happen with yahoo email data breach. What a huge mess. I still use chrome with not issues. Once that old account was deleted everything was normal. I have Opera, Vivxx those use Chrome Engine. Firefox every thing I do today is Google. Just check your extensions make sure they are doing what they're suppose to be doing. I know some I had to remove Ghostly there was one more acting up stared with the Revexxx.

 

[bertklijn]

I think google can crimely prosecute the owners of these extensions for sybercrime. Just removing them would be senceless if they get scot free out of this.then there would be nothing stopping them or others to do these things again.
I also hope that we get a notice from google if we where using one or more of these extensions.
And that they remove the installation of these extensions from our accounts.
Ather than that this should not had to be possible in the first place.

 

[slfisher]

If you're going to recommend that we delete the extensions, wouldn't it be helpful to provide a complete list?

 

[Hotlynx16]

Just stupid, you talk about 32 extensions and don't even give us a complete list! Where is "The rest of the story"????

 

[Daddio]

It wasn't hard to find... don't be lazy. Here is the list... https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/