Google has removed 32 Chrome extensions after cybersecurity researchers discovered their malicious intent. According to cybersecurity firm Avast and researcher Wladimir Palant, most of these Chrome extensions offered legitimate functionalities but injected arbitrary code into any website a user visited. Due to this, users were infected with ads on web pages and manipulated search results. It appears that extensions did not redirect users to phishing websites, though the exact purpose remains unclear. Therefore, it is best to remove them if users have them installed. The security researchers claim these 32 extensions have over seven crore downloads, though the numbers seem inflated as the reviews on the Chrome Web Store are suspiciously low.
In a blog post, Avast highlights that these Chrome extensions’ functionalities ranged from adblockers, downloaders, and browser themes to recorders and tab managers. These Chrome extensions probably remained under the radar as they offered legitimate functionalities. However, cybersecurity researcher Palant started investigating the PDF Toolbox extension in May and found that websites were injected with “arbitrary JavaScript code.” In a separate post, he said the goal of this code was monetising the browser extension in ways prohibited by the Chrome Web Store policies.
Days later, the researcher found similar code in over 20 Chrome extensions. By the end of May, Avast, thanks to Palant’s initial research, discovered 32 malicious extensions on the Chrome web store. Some of them include Autoskip for Youtube (9 million), Soundboost (6.9 million), Crystal Ad block (6.8 million), Brisk VPN (5.6 million), Clipboard Helper (3.5 million), and Maxi Refresher (3.5 million).
Avast’s investigation continues and cautions users from downloading extensions from fishy developers. The post reads, “This example is a reminder that individuals must use caution when installing extensions – even those available on official platforms like the Chrome Web Store. A rule of thumb: Always check the developer’s reputation and read reviews before installing an extension. Also, be wary of extensions that request excessive permissions or seem to have unrelated functionalities.”
The company promises better security with its anti-virus software. The security researcher adds that these extensions mainly earned money by redirecting search pages, though that does not mean that they still limit themselves to it now.
Cybersecurity issues remain a massive threat, especially in countries like India, where many users are unaware of online security issues. Many bad actors are finding ways to scam users via messaging platforms, such as WhatsApp. Scammers primarily try to persuade users to share sensitive OTP (one-time passwords) or log into fishy web pages.