{"id":96584,"date":"2018-01-17T16:52:31","date_gmt":"2018-01-17T15:52:31","guid":{"rendered":"http:\/\/sftarticles.wpenginepowered.com\/en\/?p=96584"},"modified":"2025-07-01T23:41:27","modified_gmt":"2025-07-02T06:41:27","slug":"malware-filled-chrome-extensions-have-been-downloaded-500000-times","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/malware-filled-chrome-extensions-have-been-downloaded-500000-times\/","title":{"rendered":"Malware-filled Chrome extensions have been downloaded 500K times"},"content":{"rendered":"

Google Chrome is widely regarded as one of the most secure web browsers available<\/strong> today. If you add speed and reliability to Chrome\u2019s high-level security, you can see why it is the most popular browser<\/strong>. There is a chink in Chrome\u2019s armor, however, that has been exploited before and that has again seen hundreds of thousands of Chrome users exposed to malicious code<\/strong>. That weakness is the Google Chrome Web Store.<\/p>\n

We reported in October that 30,000 Chrome users had downloaded a fake ad blocker extension<\/strong><\/a> that caused their browser to be inundated with ads. On Friday, researchers at security firm ICEBRG<\/strong><\/a> uncovered four Chrome extensions<\/strong> that contained malicious code that had already been downloaded 500,000 times from the Chrome Web Store<\/strong>.<\/p>\n

\r\n
\r\n
\r\n
\r\n \"8\r\n <\/div>\r\n
\r\n 8 tricks to boost your security on Google Chrome<\/span>\r\n Click Here to Read<\/a>\r\n <\/div>\r\n
\r\n <\/path><\/path><\/text><\/svg>\r\n <\/div>\r\n <\/div>\r\n
\r\n <\/span>\r\n <\/div>\r\n
\r\n \r\n <\/div>\r\n <\/a>\r\n <\/div>\r\n<\/div>\n

The extensions in questions are the HHTP Request Header, Nyoogle, Stickies, and Lite Bookmarks<\/strong>. The researchers discovered that there had been a spike in outbound traffic from one of ICEBRG\u2019s customers and their investigations led them to the extensions mentioned. Each infected the victim\u2019s PC<\/strong> with code that forced the PC to \u201cclick\u201d certain advertisements that would generate revenue for the people behind it. According to ICEBRG a similar bot in 2013 generated $6,000,000 a month<\/strong>.<\/p>\n

\"\"
(Image via: ICEBRG) – How the malicious extensions generate money<\/figcaption><\/figure>\n

Google removed the malicious extensions<\/strong> from the Chrome Web Store as soon as ICEBRG privately notified it of their presence. In ICEBRG’s report on their findings, however, they pointed out that this type of attack will continue to be attractive to cyber-criminals<\/strong> due to the high payoffs that they offer. They added<\/a>:<\/p>\n

“…without upstream review or control over this technique, malicious Chrome extensions will continue to pose a risk to enterprise networks.”<\/em><\/p>\n

The ball is definitely in Google’s court on this one. If they want to stamp out this type of scam,\u00a0they’re going to have to assess their review process for Chrome add-ons<\/strong>. In the meantime, take care when you’re downloading anything from the Chrome Web Store.<\/p>\n

Follow me on Twitter:\u00a0@PatrickDevaney_<\/b><\/span><\/a><\/em><\/p>\n

 <\/p>\n

Via: ICEBRG<\/a> and arstechnica<\/a><\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Google Chrome is widely regarded as one of the most secure web browsers available today. If you add speed and reliability to Chrome\u2019s high-level security, you can see why it is the most popular browser. There is a chink in Chrome\u2019s armor, however, that has been exploited before and that has again seen hundreds of … Continue reading “Malware-filled Chrome extensions have been downloaded 500K times”<\/span><\/a><\/p>\n","protected":false},"author":9073,"featured_media":95111,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015],"tags":[],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-96584","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/96584","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9073"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=96584"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/96584\/revisions"}],"predecessor-version":[{"id":328346,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/96584\/revisions\/328346"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/95111"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=96584"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=96584"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=96584"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=96584"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=96584"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=96584"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}