- Koi Security researchers found almost two dozen browser extensions spying on users
- The extensions tracked the sites users visited and communicated with remote C2 infrastructure
- Users were probably compromised along the way
Many Google Chrome and Microsoft Edge browser extensions, including several featured products, were found to be spying on users and communicating with a third-party server, in what seems to be a supply chain attack with millions of victims.
Koi Security researchers were recently investigating a seemingly benign Chrome extension called “Color Picker, Eyedropper - Geco colorpick”, which lets users quickly identify and copy color codes from any point inside their browser.
While it worked as advertised and had thousands of downloads and positive reviews, the extension was also doing something in the background: it hijacked browser activity, tracked the websites users visited, and communicated with remote C2 infrastructure. This led the researchers to investigate further, which uncovered an entire network of extensions, all doing similar things.
How to stay safe
They called the operation the RedDirection campaign and counted 18 extensions, accounting for 2.3 million users across Chrome and Edge.
The complete list of extensions can be found here; it includes VPNs, site “unlocking” tools, weather forecast extensions, emoji extensions and more.
The researchers also determined that these extensions were not malicious from the beginning. They were simple, clean products that were probably hijacked somewhere along the line. Many have hundreds of positive reviews, and some were featured in prominent places in the Chrome Web Store.
Most were removed from the Play Store, but according to BleepingComputer, “many of them continue to be available.” Although it was not clearly specified, it is safe to assume that they are available through third-party stores and independent websites.
If you were running any of the extensions on the list, you should remove them immediately, clear your browsing data, and run a full system scan using an up-to-date antivirus solution.
It would also be advisable to change any passwords stored in the browser, as well as other sensitive autofill data. Data breaches are becoming increasingly common, and almost a third of companies experience a breach despite cybersecurity investments. You can check whether your information has been affected using a popular breach-checking website.
In addition to using identity theft protection software, users can stay safe by being extra cautious with any unexpected communication, thoroughly checking the emails and texts they receive, and never clicking on untrusted links.
Via BleepingComputer