500 Google Chrome extensions were stealing sensitive data from users

Google recently removed 500 malicious extensions from its Store.

Google recently found that 500 extensions available in its Store were stealing user's sensitive information. These extensions were also found to inject ads and siphon off user browsing data to hacker-controlled servers. The extensions had 1.7 million downloads, which means that at least 1.7 million users were affected by them.

The extensions which were using promotions and advertisements as disguise were connecting browser clients to hacked C2 servers. This mechanism leads the extensions to evade the security mechanisms. Upon initial contact with the site, the extensions established contact with the C2 server and uploaded user data, along with various re-directions to phishing websites.

Google immediately removed all these extensions and has ensured user safety. NPAV recommends checking extension permissions and uninstalling rarely used extensions from your devices. Extensions can be easily exploited by attackers so use the ones you really need.

Use NPAV and join us on a mission to secure the cyber world.