- Koi Security researchers found nearly two dozen browser extensions spying on users
- The add-ons tracked visited sites and communicated with remote C2 infrastructure
- Users were likely to be compromised along the way
Many Google Chrome and Microsoft Edge browser extensions, including multiple prominent products, were found to spy on users and communicate with a third-party server, in what appears to be a supply chain attack with millions of victims.
Security researchers at Koi Security recently looked at a seemingly benign Chrome add-on called “Color Picker, Eyedropper-Geo Colorpick”, which allows users to quickly identify and copy color codes from any point in their browser.
While it worked as advertised and had thousands of downloads and positive reviews, the add-on also did something in the background – it hijacked browser activity, tracked the sites users were visiting, and communicated with external C2 infrastructure. This prompted the researchers to investigate further, which led to the discovery of an entire web of add-ons, all doing similar things.
How to remain safe
They named the campaign Operation RedDirection and counted 18 add-ons, which cumulatively compromised 2.3 million users across Chrome and Edge.
The entire list of add-ons can be found here. It includes VPNs, site “unblockers”, weather forecast add-ons, emoji add-ons and more.
The researchers also determined that these add-ons were not malicious from the get-go. They were simple, clean products that were probably hijacked somewhere along the line. Many have hundreds of positive reviews, and some were shown in prominent places in the Chrome Web Store.
Most were removed from the Play Store, but according to BleepingComputer, “Many of them are still available”. Although not clearly specified, it is safe to assume that they are available through third-party stores and free websites.
If you ran any of the add-ons from the list, remove them right away, clear browser data and run a complete system scan using an updated antivirus solution.
It would also be wise to replace all passwords stored in the browser, as well as other sensitive auto-fill data. Data breaches are becoming increasingly common, with almost a third of companies experiencing a breach in spite of increased cybersecurity investments. You can see if your information is affected using the popular breach-checking site Have I Been Pwned.
In addition to using identity theft protection software, users can stay secure by being ultra careful with any unexpected communication, thoroughly checking any emails and texts they receive, and never clicking on any unsolicited links.
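To check a Chrome or Edge profile for the listed add-ons, the following added example (not from Koi Security or the original article) walks a profile's Extensions directory, matches extension IDs against a watchlist you supply from the published list, and flags add-ons whose permissions let them see visited URLs. It assumes the standard Chromium on-disk layout Extensions/<id>/<version>/manifest.json; the function names, IDs and manifests in it are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

EXT_ID = re.compile(r"^[a-p]{32}$")  # Chromium extension IDs: 32 chars, a-p
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
URL_APIS = {"tabs", "webNavigation"}  # permissions that expose visited URLs

def audit_profile(extensions_dir, watchlist_ids):
    """One finding per installed version: Extensions/<id>/<version>/manifest.json."""
    findings = []
    for manifest in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        if not EXT_ID.match(ext_id):
            continue  # skip folders that are not extension IDs
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = {}  # unreadable manifest: still report the ID
        data = data if isinstance(data, dict) else {}
        perms = {p for p in data.get("permissions", []) if isinstance(p, str)}
        hosts = perms | set(data.get("host_permissions", []))  # MV2 mixes hosts into permissions
        for script in data.get("content_scripts", []):
            hosts |= set(script.get("matches", []))
        findings.append({
            "id": ext_id,
            "name": data.get("name", "?"),  # may be a __MSG_...__ locale key
            "on_watchlist": ext_id in watchlist_ids,
            "can_observe_browsing": bool(perms & URL_APIS or hosts & BROAD_HOSTS),
        })
    return findings

def demo():
    """Audit a constructed profile; the IDs and manifests below are made up."""
    listed, other = "a" * 32, "b" * 32
    samples = {
        listed: {"manifest_version": 3, "name": "__MSG_appName__",
                 "permissions": ["tabs", "storage"], "host_permissions": ["<all_urls>"]},
        other: {"manifest_version": 3, "name": "Notes", "permissions": ["storage"]},
    }
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in samples.items():
            path = Path(root, ext_id, "1.0.0_0", "manifest.json")
            path.parent.mkdir(parents=True)
            path.write_text(json.dumps(manifest))
        return audit_profile(root, watchlist_ids={listed})

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Matching is done on the extension ID (the folder name) rather than the display name, because manifests often store the name as a locale placeholder.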
Via BleepingComputer



