
4 Malicious Extensions Found in Chrome Web Store

It appears Google has removed all four malicious extensions from the Chrome Web store, but researchers warn that the malware may still be present on impacted machines.

By Angela Moscaritolo, Managing Editor, Consumer Electronics


Heads up, Google Chrome users: Researchers at enterprise security firm Icebrg recently discovered four malicious extensions in the official Google Chrome Web store.

The malicious extensions—named Change HTTP Request Header, Nyoogle, Lite Bookmarks, and Stickies—have affected more than half a million Google Chrome users, including workers at major organizations around the world, the researchers wrote in a Monday blog post.

"Although likely used to conduct click fraud and/or search engine optimization (SEO) manipulation, these extensions provided a foothold that the threat actors could leverage to gain access to corporate networks and user information," they added. Click fraud campaigns "enable a malicious party to earn revenue by forcing victim systems to visit advertising sites that pay per click," Icebrg wrote.

The windfall from this type of scheme can be massive. A similar botnet dubbed Chameleon, which had more than 120,000 host machines, cost advertisers $6 million per month before it was dismantled in 2013. It's unclear how much money the individuals behind this new batch of malicious Chrome extensions racked up from the scheme.

Moreover, malicious actors could use this same capability to "browse internal sites of victim networks, effectively bypassing perimeter controls that are meant to protect internal assets from external parties," Icebrg wrote.

The researchers discovered the malicious extensions while investigating a suspicious spike in outbound network traffic from a customer's workstation. They informed Google and other "relevant parties," including the United States Computer Emergency Readiness Team and the National Cyber Security Centre of The Netherlands (NCSC-NL).

It appears Google has since removed all four malicious extensions from the Chrome Web store.

Still, the researchers warn that the malware may remain on impacted machines, even though the extensions are no longer available in the store. The extensions may also still be available for download via third-party Chrome extension sources.
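Because removal from the store does not uninstall an extension, a local check is the practical follow-up. The script below is an added example, not code from Icebrg or PCMag: it scans a Chrome profile's Extensions folder for the four names reported above, assuming Chrome's standard on-disk layout of Extensions/<id>/<version>/manifest.json. The article lists no extension IDs, and other extensions can share these names, so a match is a prompt for manual review rather than a verdict.

```python
import json
import sys
from pathlib import Path

# Extension names reported in the article (it lists no extension IDs).
FLAGGED_NAMES = {"change http request header", "nyoogle",
                 "lite bookmarks", "stickies"}


def load_json(path):
    """Parse a JSON file; return {} if it is unreadable or not an object."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}


def display_name(version_dir, manifest):
    """Return the extension name, resolving a __MSG_key__ placeholder."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()  # message keys are case-insensitive
    locale = str(manifest.get("default_locale", "en"))
    messages = load_json(version_dir / "_locales" / locale / "messages.json")
    for msg_key, entry in messages.items():
        if msg_key.lower() == key and isinstance(entry, dict):
            return str(entry.get("message", name))
    return name


def find_flagged_extensions(extensions_dir):
    """Scan <Extensions>/<id>/<version>/manifest.json for flagged names."""
    hits = []
    for manifest_path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        version_dir = manifest_path.parent
        name = display_name(version_dir, load_json(manifest_path))
        if name.strip().lower() in FLAGGED_NAMES:
            hits.append((version_dir.parent.name, version_dir.name, name))
    return hits


if __name__ == "__main__":
    # Usage: python scan.py "<Chrome profile>/Extensions"
    for ext_id, version, name in find_flagged_extensions(sys.argv[1]):
        print(f"REVIEW {name!r}: id={ext_id} version={version}")
```

Run it once per Chrome profile on the machine, since each profile keeps its own Extensions folder.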

Google did not immediately respond to PCMag's request for comment.

The researchers warned that it's easy for organizations and individual users to overlook this threat.

"Coupling an extension marketplace style 'easy install' for users, limited understanding of the underlying risks, and few compensating controls leaves organizations vulnerable to a serious and easily overlooked attack vector," they wrote. "To a motivated threat actor, this approach presents a range of opportunities, from co-opting enterprise resources for advertising click-fraud to leveraging a user's workstation as a foothold into the enterprise network."
