While Meltdown and Spectre have dominated security news over the last couple of weeks, network security analytics firm ICEBRG recently revealed that over 500,000 workstations at major global organizations have been infected with different malicious Chrome web browser extensions.
In its official blog post, the security firm identified four different extensions that might ultimately give attackers access to networks and user information. Since the report was published, the malicious extensions, named “Change HTTP Request Header”, “Nyoogle – Custom Logo for Google”, “LiteBookmarks” and “Stickies – Chrome’s Post-it Notes”, have been removed from the Chrome Web Store.
The researchers wrote, “The same capability could also be used by the threat actor to browse internal sites of victim networks, effectively bypassing perimeter controls that are meant to protect internal assets from external parties.”
“The total installed user base of the aforementioned malicious Chrome extensions provides a substantial pool of resources to draw upon for fraudulent purposes and financial gain. The high yield from these techniques will only continue to motivate criminals to continue exploring creative ways to create similar botnets.”