In other cases, the extensions were published by developers who managed to bypass vetting processes browser makers used in an attempt to block abusive or malicious add-ons. In at least one case of extension tampering, malicious code was inserted into extensions after attackers gained access to the accounts of legitimate developers. Individuals’ tax returns, doctor appointment schedules, and other personal information was also exposed. The data divulged proprietary information from some of the biggest names in tech, including Tesla, Trend Micro, Symantec, and Blue Origin. Last year, a researcher uncovered Chrome and Firefox extensions that collected and published the browsing histories of an estimated 4 million people. Advertisementįurther Reading My browser, the spy: How extensions slurped up browsing histories from 4M usersOver the past few years, third-party add-ons have become a widely used means for infecting people with malware and adware. It’s also possible that legitimate developers created the add-ons and then unknowingly sold them to someone who intended to use them maliciously. The researchers don’t yet know if the extensions came with the malicious code preinstalled or if the developers waited for the extensions to gain a critical mass of users and only then pushed a malicious update. The actors also exfiltrate and collect the user’s birth dates, email addresses, and device information, including first sign in time, last login time, name of the device, operating system, used browser and its version, even IP addresses (which could be used to find the approximate geographical location history of the user).
User’s privacy is compromised by this procedure since a log of all clicks is being sent to these third party intermediary websites. Anytime a user clicks on a link, the extensions send information about the click to the attacker’s control server, which can optionally send a command to redirect the victim from the real link target to a new hijacked URL before later redirecting them to the actual website they wanted to visit. Users have also reported that these extensions are manipulating their internet experience and redirecting them to other websites. At the time this post went live, some, but not all, of the malicious extensions remained available for download from Google and Microsoft.Īvast researchers found malicious code in the JavaScript-based extensions that allows them to download malware onto an infected computer.
/img_20.png "avast blocking sites on crome")
The add-ons billed themselves as a way to download pictures, videos, or other content from sites including Facebook, Instagram, Vimeo, and Spotify. In all, researchers from Prague-based Avast said they found 28 extensions for the Google Chrome and Microsoft Edge browsers that contained malware. As many as 3 million people have been infected by Chrome and Edge browser extensions that steal personal data and redirect users to ad or phishing sites, a security firm said on Wednesday.
0 kommentar(er)
