Google Removes 32 Malicious Chrome Extensions from Web Store
Google recently removed 32 malicious extensions from the Chrome Web Store that had been downloaded 75 million times. The extensions were designed to spoof search results and to distribute spam and unwanted ads. They were initially discovered by information security researcher Wladimir Palant.
Malware Hidden in Obfuscated Code
Palant first discovered the malicious code in a PDF Toolbox extension, which had been downloaded 2 million times. The code was disguised as a legitimate API wrapper and allowed the serasearchtop[.]com domain to inject arbitrary JavaScript into any website the user visited. Possible abuse scenarios included injecting ads, stealing confidential information, and more.
18 More Extensions Discovered
Palant then identified 18 more extensions from the Chrome Web Store that contained the same suspicious code. These extensions had been downloaded 55 million times in total, with some of the most popular being Autoskip for Youtube (9 million active users), Soundboost (6.9 million active users), Crystal Ad block (6.8 million active users), Brisk VPN (5.6 million active users), Clipboard Helper (3.5 million active users), and Maxi Refresher (3.5 million active users).
Code Used to Spoof Search Results
Palant identified two variants of the malicious code, one masquerading as the Mozilla WebExtension Polyfill browser API and the other posing as the Day.js library. Both variants shared the same JavaScript injection engine, which used serasearchtop[.]com. Although Palant did not detect any overt malicious activity, he did note numerous user reviews on the Chrome Web Store where people complained that the extensions redirected and spoofed search results.
Avast Notifies Google of Malicious Extensions
Avast experts drew attention to the problem and notified Google representatives about the extensions, confirming their malicious nature. The extensions had amassed more than 75 million installs in total. Avast reports that the extensions were actually adware that spoofed search results, displaying paid and sponsored links, and sometimes even malware distribution links.
Google Removes All Extensions
Google representatives said that all extensions found by experts have already been removed from the Chrome Web Store. The company has urged users to check their installed extensions and remove any that are suspicious.
Google’s removal of the 32 malicious extensions from the Chrome Web Store is a reminder of the importance of being vigilant when it comes to online security. Users should always be aware of the potential risks of downloading extensions and should take the time to read reviews and check for any suspicious activity. By taking these precautions, users can help protect themselves from malicious software and ensure their online safety.
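For checking installed extensions in bulk, the following added example (not code from the article, Palant, Avast or Google) scans an unpacked extensions directory for the domain and the extension names mentioned above. It assumes the `<extension id>/<version>/` layout of a Chrome profile's Extensions folder and that the domain appears as a literal string in the files; an obfuscated copy that hides the string would not be flagged.

```python
import json
import sys
from pathlib import Path

# Indicators taken from the article; the domain is written defanged there.
IOC_DOMAIN = "serasearchtop.com"
NAMED_EXTENSIONS = {
    "pdf toolbox", "autoskip for youtube", "soundboost", "crystal ad block",
    "brisk vpn", "clipboard helper", "maxi refresher",
}
TEXT_SUFFIXES = {".js", ".json", ".html"}


def manifest_name(version_dir):
    """Return the manifest "name", or None if the manifest is missing or unreadable."""
    try:
        data = json.loads((version_dir / "manifest.json").read_text("utf-8-sig"))
    except (OSError, ValueError):
        return None
    name = data.get("name") if isinstance(data, dict) else None
    return name if isinstance(name, str) else None


def scan_extensions(root):
    """Scan <root>/<extension id>/<version>/ and return one finding per flagged version."""
    findings = []
    for version_dir in sorted(Path(root).glob("*/*")):
        if not version_dir.is_dir():
            continue
        reasons = []
        name = manifest_name(version_dir) or ""
        # Localized manifests hold "__MSG_key__" here, so a name match can miss.
        if name.strip().lower() in NAMED_EXTENSIONS:
            reasons.append("name listed in article")
        for path in sorted(version_dir.rglob("*")):
            if path.is_file() and path.suffix.lower() in TEXT_SUFFIXES:
                text = path.read_text("utf-8", errors="ignore")
                if IOC_DOMAIN in text.lower():
                    rel = path.relative_to(version_dir).as_posix()
                    reasons.append(f"domain in {rel}")
        if reasons:
            findings.append({"id": version_dir.parent.name, "version": version_dir.name,
                             "name": name, "reasons": reasons})
    return findings


if __name__ == "__main__" and len(sys.argv) == 2:
    # Usage: python scan.py /path/to/profile/Extensions
    for hit in scan_extensions(sys.argv[1]):
        print(hit["id"], hit["version"], hit["name"], "; ".join(hit["reasons"]))
```

A clean result only means the literal indicators were not found; extensions that were installed from the removed listings should still be uninstalled.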