Read the recent Security Spotlight by Rich Lindberg, Senior Security Consultant and vCISO at Nth Generation:
Let the buyer beware! Insidious browser extensions are stealing your data! They hide in plain sight and are on official store download sites.
This is only the latest in these types of attacks. There have been incidents with phone app stores where malvertising has gone on until reported. The threat vector is using these trusted sites, knowing that users will have their guard down because it is the ‘official site’. Do your own due diligence; avoid blindly trusting what gets installed on your phones or desktops. Google has now removed them from its official Web Store, but if you still have any of them installed, we recommend you remove the browser extensions immediately!
Read the recent article posted on The Hacker News:
Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers. These extensions were part of a malvertising and ad-fraud campaign that's been operating at least since January 2019, although evidence points out the possibility that the actor behind the scheme may have been active since 2017. The findings come as part of a joint investigation by security researcher Jamila Kaya and Cisco-owned Duo Security, which unearthed 70 Chrome Extensions with over 1.7 million installations.
Upon sharing the discovery privately with Google, the company went on to identify 430 more problematic browser extensions, all of which have since been deactivated. "The prominence of malvertising as an attack vector will continue to rise as long as tracking-based advertising remains ubiquitous, and particularly if users remain underserved by protection mechanisms," said Kaya and Duo Security's Jacob Rickerd in the report…
Read the full article here: https://amp.thehackernews.com/thn/2020/02/chrome-extension-malware.html
Ravie Lakshmanan. “500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users.” thehackernews.com The Hacker News, Originally published February 14, 2020. Accessed 2/19/20.