
Researchers Reveal that Malicious Chrome Extension Has Infected over 500,000 Workstations

While Meltdown and Spectre have dominated security news over the last couple of weeks, network security analytics firm ICEBRG has recently revealed that over 500,000 workstations at major global organizations have been infected with malicious Chrome web browser extensions.

In its official blog post, the security firm identified four different extensions which might ultimately give attackers access to networks and user information. Since the report was published, the malicious extensions, named “Change HTTP Request Header”, “Nyoogle – Custom Logo for Google”, “LiteBookmarks” and “Stickies – Chrome’s Post-it Notes”, have been removed from the Chrome Web Store.

The researchers further noted that although the extensions don’t contain malicious code themselves, they contain two different items that can enable the injection of arbitrary JavaScript code. Afterwards, the injected code establishes a WebSocket tunnel with the command-and-control server, which can then proxy browsing traffic through the victim’s browser in order to visit advertising-related domains.

The researchers wrote, “The same capability could also be used by the threat actor to browse internal sites of victim networks, effectively bypassing perimeter controls that are meant to protect internal assets from external parties.”

“The total installed user base of the aforementioned malicious Chrome extensions provides a substantial pool of resources to draw upon for fraudulent purposes and financial gain. The high yield from these techniques will only continue to motivate criminals to continue exploring creative ways to create similar botnets.”
