Chrome Extensions Labelled Rogue

John Lister's picture

A security firm says four malicious extensions for Google Chrome were downloaded a total of more than half a million times. It's asking why Google's vetting process didn't weed out the malware earlier.

Extensions in Chrome are similar to add-ons for other browsers - namely, third-party tools that improve the web browsing experience. Common examples include ad-blockers, password managers and tools for downloading videos from web pages (such as YouTube).

Because extensions have some level of access to a user's Internet data (and even some control over their browsing), Google has some security measures in place. It only recommends installing extensions from the official Chrome Web Store, where developers must use a Google account to verify themselves.

Google also vets extensions before they go live in the store, though the sheer number of extensions means this process is largely automated and works based on checklists of known characteristics and rogue tactics.

Scammers Bypassed Security Check

Security services company ICEBRG recently spotted some unusual traffic from one of its clients. When it investigated the issue, it found four extensions - Change HTTP Request Header, Lite Bookmarks, Nyoogle and Stickies - all posed a security risk. All four have been removed from Google's Chrome Web Store since ICEBRG went public with its findings. (Source: icebrg.io)

The risk involved JavaScript, a programming language used for interactive features on websites. By default, Chrome verifies JavaScript code for signs of malicious intent before running it. In addition, extensions are blocked from using code run outside of the browser to circumvent that verification. The extensions in question were set up to bypass this block. (Source: threatpost.com)
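A defender's check related to the block described above, as an added example that is not from the article or from ICEBRG: it flags installed extensions whose manifest.json relaxes Chrome's default script policy. The article does not say how the four extensions got around the block, so treating a relaxed `content_security_policy` as the signal is an assumption, as are the function names and the constructed sample manifests.

```python
import json
from pathlib import Path

# Chrome's default policy when a manifest declares none.
DEFAULT_CSP = "script-src 'self'; object-src 'self'"
RISKY_KEYWORDS = {"'unsafe-eval'", "'unsafe-inline'"}

def parse_csp(policy):
    """Split a CSP string into {directive: [source, ...]}; first duplicate wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def audit_manifest(manifest_text):
    """Return findings for one manifest.json whose script policy is relaxed."""
    manifest = json.loads(manifest_text)
    if not isinstance(manifest, dict):
        raise ValueError("manifest is not a JSON object")
    csp = manifest.get("content_security_policy", DEFAULT_CSP)
    if isinstance(csp, dict):  # Manifest V3 nests the policy per context
        csp = csp.get("extension_pages", DEFAULT_CSP)
    directives = parse_csp(str(csp))
    # script-src falls back to default-src when it is absent
    sources = directives.get("script-src", directives.get("default-src", []))
    findings = []
    for src in sources:
        if src.lower() in RISKY_KEYWORDS:
            findings.append(f"script-src allows {src.lower()}")
        elif not src.startswith("'"):  # host, scheme or wildcard source
            findings.append(f"script-src allows scripts from {src}")
    return findings

def audit_tree(extensions_dir):
    """Audit every <id>/<version>/manifest.json under an Extensions folder."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            findings = audit_manifest(path.read_text(encoding="utf-8-sig"))
        except (ValueError, OSError) as exc:
            findings = [f"unreadable manifest: {exc}"]
        if findings:
            report["/".join(path.parts[-3:-1])] = findings  # "<id>/<version>"
    return report

# Constructed sample manifests (not taken from any real extension).
SAMPLE_RELAXED = json.dumps({"name": "constructed-sample", "manifest_version": 2,
    "content_security_policy":
        "script-src 'self' 'unsafe-eval' https://cdn.example.test; object-src 'self'"})
SAMPLE_DEFAULT = json.dumps({"name": "constructed-default", "manifest_version": 2})
```

Point `audit_tree` at the `Extensions` folder inside a Chrome profile directory; a finding is a reason to look closer at an extension, not proof that it is malicious.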

Extensions Used For Click Fraud

The limited 'good news' in this case is that it appears the people behind the rogue extensions were simply using them to have the computers make behind-the-scenes 'visits' to web pages hosting pay-per-click advertisements. This boosts the level of traffic to the site hosting the advertisements, and thus helps defraud the advertisers.

ICEBRG warns that methods used to make the extensions rogue can still be used to directly harm the user while using the browser.

What's Your Opinion?

Do you use Chrome extensions? If so, what checks do you make on an extension before installing it, or do you simply trust Google? Should or could Google do more to stop rogue extensions appearing in its store?


Comments

trevvytrev_10414's picture

I don't use Chrome and therefore don't have Chrome extensions but I have Stickies (one of the extensions mentioned in the report) installed as a standalone app on my Win 7 Pro machine (publisher is Zhorn Software). Am I in danger as well?

durbandon's picture

Hi

On my phone which is a Samsung Galaxy J1 I recently keep getting a message to disable Google Play Video as it could destroy my phone. I have uninstalled and disabled it frequently every day but it keeps coming back. I can't just remove all Google from my phone as I subscribe to Google Play Music and back my phone up to my Gmail account. Is this one of the Rogue Extensions to which you refer and how do I get rid of it? I never installed it and it seems to come by default. It has remained dormant since I purchased my phone in 2016 and the problem only surfaced a few weeks or months ago. Any help would be appreciated.

Dennis Faas's picture

If you can't remove an app you can force stop / uninstall any updates, then force stop / disable it. This should prevent it from running again or updating.