Malicious Chrome Extensions Infect Over 100,000 Users Again

An anonymous reader quotes Ars Technica: Criminals infected more than 100,000 computers with browser extensions that stole login credentials, surreptitiously mined cryptocurrencies, and engaged in click fraud. The malicious extensions were hosted in Google's official Chrome Web Store. The scam was active since at least March with seven malicious extensions known so far, researchers with security firm Radware reported Thursday. Google's security team removed five of the extensions on its own and removed two more after Radware reported them. In all, the malicious add-ons infected more than 100,000 users, at least one inside a "well-protected network" of an unnamed global manufacturing firm, Radware said...

The extensions were being pushed in links sent over Facebook that led people to a fake YouTube page that asked for an extension to be installed. Once installed, the extensions executed JavaScript that made the computers part of a botnet. The botnet stole Facebook and Instagram credentials and collected details from a victim's Facebook account. The botnet then used that pilfered information to send links to friends of the infected person. Those links pushed the same malicious extensions. If any of those friends followed the link, the whole infection process started all over again. The botnet also installed cryptocurrency miners that mined the monero, bytecoin, and electroneum digital coins.

AI

[110010001000]

Good thing we have AI to protect us from running malicious programs. Surely AI is able to do that?

Re:AI

[Ol+Olsoc]

Good thing we have AI to protect us from running malicious programs. Surely AI is able to do that?

Only if we implement blockchain though!

Re:AI

[Ol+Olsoc]

I’m starting up a new blockchain selling Fuckerberg shekels.

Bless you, for you are doing God's work!

Edge... LOL

[Lunix+Nutcase]

This is why I only run Edge. You never have to worry about anyone wanting to write malware for it when only three of us use it.

Re:Edge... LOL

[Lunix+Nutcase]

What does a British funk band have to do with things?

Re:Edge... LOL

I also use Edge... at the office and I feel safe because even MSN sites don't work.

Chrome is a trojan

It cares about market share and tracking over the security of the user. Unfortunatley Firefox has also comprimised its values and therefore it’s extention safety for ads. This leaves users without a viable extention eco system because Edge and Safari extentions aren’t powerful enough and Pale Moon blocks extentions for political reasons. We need a powerful and secure extention system, we deserve better.

Re:Chrome is a trojan

[Ocker3]

How many of us are willing to pay for a license for something secure?

Re:Chrome is a trojan

[rojash]

Thats the dumbest thing I have heard. What makes you think a license makes it more secure ?? Ever heard of Windows ??

Re:Chrome is a trojan

[oldmac31310]

Extension.

Evidence that pointless OK buttons are horrible++

[Ocker3]

#rant I hate how many pointless message there are in so many pieces of software, I've actually been sitting with a user who was clicking Ok on Every box that came up and said "I just want it to work..." The problem was that one of the messages had a specific piece of text in it that I wanted so that I could fix the problem. So in amongst the chaff was some actual wheat. Perhaps we'll need to wait until the next generation (who've hopefully grown up knowing about code from primary school) comes along and knows more than so many currently do about what should and shouldn't be necessary to just watch a YouTube video.

Powerful all-present platform ...

[Qbertino]

... breeds dangerous all-powerful problems. As Chrome OS and chrome-style new-gen powerbrowsers and the neat and nifty open web gain more and more ground this is a problem that the company pushing the web - Google - will need to address. Thoroughly. If they don't want their plan to fall flat on its face that is.

I personally find it very encouraging that the web has finally reached the power it once only had with the all-present Flash and where at the point where we can do basically anything on an open cross-platform technology. Stuff like this however I find discouraging. ... If you push to much of universal computing into the web, more and more malware pusher will adopt and problems like these are likely to increase. Google will have to work on containing this.

Re:Powerful all-present platform ...

[blackest_k]

This has been going on for years and google knows it has too. A couple of years back I had a slashdot story posted about it. This problem was raised to board members within google and still there are malicious extensions within googles extension repository.

Which...

[hcs_$reboot]

...ones?

time to give up

[AndyKron]

Is it time to give up on computers yet thanks to shitful humans? I am.

Re:time to give up

[rojash]

You going fishing rest of your life huh

Installation dialog on web page load ? really ?

[herve_masson]

Can anyone tell me why the browser displays an "Install XYZ extension" dialog when loading a web page?
We all know that people simply click on "Ok" no matter what is shown on these dialogs.

It seems to me that the installation of an extension should be entirely manual: go to the extensions page, find the extension by its name, check the information, click on "Install the button", review options such as "give access to ", click on "Validate".

I doubt that people would make this way easily; it would be likely to filter out many abuses.

It's not like we need to install dozen extensions every day ; convenience features to help extension installation is useless & dangerous.

Re:Installation dialog on web page load ? really ?

[herve_masson]

Yes. And very sadly, same is true for firefox, which is a real shame.

Re:Easy to stall this threat via hosts... apk

[DontBeAMoran]

shouldn't that be 127.0.0.1 ?

Go a head...

[MerlTurkin]

...keep using Facebook you idiots!