- DomainTools found more than 100 domains promoting fake browser extensions
- These extensions mimicked legitimate products and reputable companies
- They stole sensitive data and ran externally supplied malicious code
Security researchers recently found more than 100 malicious browser extensions masquerading as legitimate tools. These extensions, which were distributed through various channels and also found in the Google Chrome Web Store, were able to steal sensitive user information and receive additional commands to execute.
Google was notified of the findings and managed to remove most of the malware from its store. Apparently some are still left and continue to pose a risk to users.
This is all according to DomainTools, which says it has seen more than 100 fake domains promoting the tools, probably through malvertising campaigns. The malware impersonated all sorts of legitimate products, from VPNs to AI assistants and cryptocurrency tools, and mimicked some of the world’s largest brands, including Fortinet, YouTube and Calendly.
“The Chrome Web Store has removed several of the actor’s malicious extensions after identifying malware,” DomainTools said. “However, the actor’s persistence and the time delay in detection and removal pose a threat to users seeking productivity tools and browser improvements.”
The full list of malicious domains can be found at this link.
Abuse of extensions
Add-ons and extensions are a great way to expand a browser’s features and thus improve user productivity in a business environment.
For example, tools such as Asana, Trello or Grammarly can streamline workflows and improve writing accuracy, while password managers like LastPass can improve identity management.
However, they also handle a lot of sensitive information and get high-level permissions, which is why they are often on threat actors’ radars. That said, hackers do not only look for ways to break into legitimate tools; they often build fake ones.
With counterfeit add-ons, they can get high-level privileges without raising alarms and can access sensitive information stored in the browser, such as passwords or credit card data.
It is important that users only install add-ons from reputable sources like the Chrome Web Store, but even there they should read the reviews and note the download count, because malicious actors, as seen in this example, can sometimes smuggle malware past the largest gatekeepers.
Via BleepingComputer



