Browser extensions continue to infect their users with malware and spyware at a higher success rate than is usually believed. Just four Chrome extensions managed to target over half a million users, a recent report has claimed.
The report by ICEBRG revealed that while these extensions are likely used to "conduct click fraud and/or search engine optimization (SEO) manipulation," they can also provide "a foothold that the threat actors could leverage to gain access to corporate networks and user information." The report added that workstations within major organizations globally were among those affected. The malicious Chrome extensions are:
- Nyoogle - Custom Logo for Google
- Lite Bookmarks (removed from Store)
- Stickies - Chrome's Post-it Notes
- Change HTTP Request Header (removed from Store)
While the researchers have given assurances that all affected customers have been alerted and that Google has removed the malicious Chrome extensions, they warned that "the use of third-party Chrome extension repositories may still allow the installation of the extensions."
ICEBRG also added that during their research, they only noticed this particular threat actor using this capability to visit advertising domains for click fraud campaigns. While click fraud is a lucrative industry in itself, the same capability could also potentially be used to visit any internal sites of the target network, "effectively bypassing perimeter controls that are meant to protect internal assets from external parties."
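Because the extensions may still be installed from third-party repositories, a local audit is worth running. The following is an added example, not code from ICEBRG or the original article: it scans a Chrome profile's `Extensions` directory for the four names listed above, assuming the manifest name matches the store listing name (the article gives no extension IDs, so the function name and matching rule here are illustrative).

```python
import json
from pathlib import Path

# Names exactly as listed in the article. Assumption: an installed extension's
# manifest "name" matches the store listing name.
FLAGGED = [
    "Nyoogle - Custom Logo for Google",
    "Lite Bookmarks",
    "Stickies - Chrome's Post-it Notes",
    "Change HTTP Request Header",
]

def _norm(text):
    """Lower-case and collapse whitespace so cosmetic differences still match."""
    return " ".join(str(text).lower().split())

def resolve_name(version_dir, manifest):
    """Return the display name, resolving a localized __MSG_key__ placeholder."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()  # Chrome treats message keys case-insensitively
    locale = str(manifest.get("default_locale", "en"))
    path = Path(version_dir) / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # unreadable locale file: keep the placeholder
    if isinstance(messages, dict):
        for msg_key, entry in messages.items():
            if msg_key.lower() == key and isinstance(entry, dict):
                return str(entry.get("message", name))
    return name

def audit_extensions(extensions_dir):
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and return
    sorted (extension_id, version_dir, name) tuples for flagged names."""
    flagged = {_norm(n) for n in FLAGGED}
    hits = []
    for manifest_path in Path(extensions_dir).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # skip unreadable or malformed manifests
        if not isinstance(manifest, dict):
            continue
        version_dir = manifest_path.parent
        name = resolve_name(version_dir, manifest)
        if _norm(name) in flagged:
            hits.append((version_dir.parent.name, version_dir.name, name))
    return sorted(hits)
```

A name match is a lead for investigation rather than proof, since an unrelated extension can share a name and a renamed copy will not match.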