- DomainTools has found more than 100 domains promoting fake browser extensions
- These extensions impersonated legitimate products and renowned companies
- They stole sensitive data and executed malicious remote code
Security researchers have recently found more than 100 malicious browser extensions presenting themselves as legitimate tools. These extensions, distributed through various channels and also found on the Google Chrome Web Store, were able to steal sensitive user information and receive further commands to execute.
Google was informed of the findings and has managed to remove most of the malware from its repository. Apparently, some still remain and continue to pose a risk to users.
All of this is according to DomainTools, which says it spotted more than 100 fake domains promoting the tools, probably through malvertising campaigns. The malware impersonated all kinds of legitimate products, including VPNs, AI assistants and cryptocurrency utilities, and assumed the identity of some of the biggest brands in the world, including Fortinet, YouTube, or Calendly.
“The Chrome Web Store has deleted several malicious extensions from the actor after the identification of malware,” said DomainTools. “However, the persistence of the actor and the detection and deletion period constitute a threat to users looking for productivity and browser improvement tools.”
The complete list of malicious domains can be found at this link.
Abusing extensions
Add-ons and extensions are an excellent way to expand browser features and thus improve user productivity in a business environment.
For example, tools like Asana, Trello or Grammarly can streamline workflows and improve the accuracy of writing, while password managers like LastPass can improve the management of credentials.
However, they also handle a lot of sensitive information and obtain high-level permissions, which is why they are often on the radar of threat actors. Not only do hackers look for ways to break into legitimate tools, they also often build fake ones.
With such add-ons, they can gain high-level privileges without raising any alarms and can access sensitive information stored in the browser, such as passwords or credit card data.
It is important that users only install add-ons from reputable sources such as the Chrome Web Store, but even there they should read the reviews and pay attention to the number of downloads because, as this example shows, crooks can sometimes slip malicious software past even the biggest gatekeepers.
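Reviews and download counts say little about what an extension is allowed to do, so a defender can also read the permissions it declares. The following is an added example, not code from DomainTools or the original article: a small Python audit of a Chrome extension's `manifest.json` that flags sensitive permissions, all-site host access and a script policy that permits `eval`. The sample manifests and the finding labels are constructed for illustration.

```python
import json

# Chrome permissions that expose the kind of data the article describes.
SENSITIVE_PERMISSIONS = {
    "cookies": "read and write site cookies",
    "scripting": "inject scripts into pages",
    "webRequest": "observe network requests",
    "declarativeNetRequest": "block or redirect requests",
    "tabs": "read URLs and titles of open tabs",
    "history": "read browsing history",
    "proxy": "change the browser proxy settings",
}
# Match patterns that cover every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest: dict) -> list[str]:
    """Return labelled findings for one parsed manifest.json."""
    findings = []
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # Manifest V3 lists host patterns separately; V2 mixes them into permissions.
    hosts = set(manifest.get("host_permissions", [])) | perms
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    for name in sorted(perms & SENSITIVE_PERMISSIONS.keys()):
        findings.append(f"permission:{name}")
    broad = sorted(hosts & BROAD_HOSTS)
    if broad:
        findings.append("broad-hosts:" + ",".join(broad))
    # The policy is a string in Manifest V2 and an object in V3.
    csp = manifest.get("content_security_policy", "")
    if isinstance(csp, dict):
        csp = " ".join(str(v) for v in csp.values())
    if "unsafe-eval" in csp:
        findings.append("csp:unsafe-eval")
    return findings

# Constructed sample manifests, not taken from any real extension.
SUSPICIOUS = {"manifest_version": 3, "name": "Example VPN (constructed)",
              "permissions": ["cookies", "scripting", "storage", "declarativeNetRequest"],
              "host_permissions": ["<all_urls>"]}
LEGACY = {"manifest_version": 2, "name": "Example helper (constructed)",
          "permissions": ["tabs", "*://*/*"],
          "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"}
BENIGN = {"manifest_version": 3, "name": "Example notes (constructed)",
          "permissions": ["activeTab", "storage"]}

if __name__ == "__main__":
    for sample in (SUSPICIOUS, LEGACY, BENIGN):
        print(sample["name"], json.dumps(audit_manifest(sample)))
```

A finding is a reason to look closer, not proof of malice: many legitimate extensions need some of these permissions, so weigh each finding against what the extension claims to do.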
Via BleepingComputer