Recently we have reported on several security issues affecting the popular Google Chrome web browser. These have included fake extensions, browser-targeting malware, and spellchecker vulnerabilities, as well as security improvements such as new password-replacing technology (get all your Chrome news here). Unfortunately, today we have to bring you news of another set of fake Chrome extensions that are targeting victims with ‘malvertising’ campaigns.
Security experts at Guardio Labs have discovered a ‘malvertising’ campaign that is using 30 fake Chrome extensions with over 1 million downloads between them. Malvertising attacks are when scammers use advertising to try and spread malware. You can the list of add-ons in the image below:
One of the extensions is pushed on users when they access certain video-downloading sites. It is pushed as a video color customization tool, to augment video downloads. It doesn’t contain any malicious code, which allows it to pass the antivirus scan that is activated by download attempts.
When the extension is live, however, it will redirect victims to a webpage that is filled with malware that can then link to it. Once the malware-ridden scripts link to the extension, they can then take over search results and fill them with affiliate links. They will also push the victims to websites that are linked to the scammers allowing them to further skim ad revenue from the victim’s web usage.
This scam doesn’t directly harm the victims beyond seriously affecting their time on the internet and bombarding them with crap. However, the major risk here is that the malicious scripts could also send users to phishing sites, which could see security login credentials stolen or even worse, credit card details leaked.
As always with these types of scams, however, you are able to exert a certain degree of power over your vulnerability by being aware of the calling signs of these types of scams. To help you keep on top of that, we have produced an anti-phishing scam infographic, which we recommend you download.