- DomainTools found more than 100 domains that promote fake browser extensions
- These extensions posed as legitimate products from reputable businesses
- They were stealing confidential data and executing malicious code remotely
Security researchers recently found more than 100 malicious browser extensions that posed as legitimate tools. These extensions, distributed through several channels but also found in the Google Chrome Web Store, were able to steal confidential information from the user, as well as receive further commands to run.
Google was notified of the findings and managed to remove most of the malware from its repository. Apparently, some still remain and continue to pose a risk to users.
All this is according to DomainTools, which claims to have seen more than 100 fake domains that promote the tools, most likely through malvertising campaigns. The malware impersonated all kinds of legitimate products, from VPNs to AI assistants and cryptocurrency utilities, and posed as some of the largest brands in the world, including Fortinet, YouTube or Calendly.
“The Chrome Web Store has eliminated multiple of the actor's malicious extensions after malware identification,” DomainTools said. “However, the persistence of the actor and the time delay in detection and elimination represent a threat to users looking for productivity tools and browser improvements.”
The complete list of malicious domains can be found at this link.
Abusing extensions
Add-ons and extensions are an excellent way to expand the features of the browser and, therefore, improve user productivity in a business environment.
For example, tools such as Asana, Trello or Grammarly can optimize workflows and improve writing precision, while password managers such as LastPass can improve credential management.
However, they also handle a lot of confidential information and are granted high-level permissions, so they are often on the radar of threat actors. That said, hackers not only look for ways into legitimate tools, but often also build fake ones.
With counterfeit add-ons, they can obtain high-level privileges without raising alarms and can access confidential information stored in the browser, such as passwords or credit card data.
It is important that users only install add-ons from reputable sources, such as the Chrome Web Store, but even there, they should read the reviews and check the download count because, as seen in this example, criminals can sometimes smuggle malware past even the best gatekeepers.
Via BleepingComputer