Security researchers at Cisco recently found almost 71 Chrome extensions that were leaking millions of data records to privately owned servers controlled by a malicious group. They also discovered that the extensions took advantage of security loopholes in advertising cookies to get away with it. The researchers further identified that the extensions have been active since 2019, and that the hackers controlling the servers may have been active since as far back as 2017.
Kudos to Google
Once the security researchers had completed their homework on the 71 extensions, they immediately reported them to Google. Google did not stop there: it identified other extensions that had the same source code as the malicious ones and removed 430 extensions in total from its web store.
How did they do it?
Authentic extensions use a complicated system of web redirects and cookies to provide their users with a service. However, these extensions also earn revenue through location tracking. The same was the case with many of the malicious extensions. They tricked Google by pretending to be legitimate extensions and, once installed on a device, forced users to land on pages that were injected with malicious scripts.
Malicious ads, commonly known as malvertising, have become a real headache for internet users as well as security providers. Malvertising can be used to exfiltrate data, redirect users to phishing websites, and even monitor their online activities.
It’s not the first time
A year ago, a similar case was exposed in which a Chrome extension named “DataSpii” affected over 4.1 million users. It masked itself as a legitimate extension and then recorded user data: all the URLs users visited, hyperlinks and web page titles. However, that is not the extent of it. Security researchers fear that the malicious extensions also accessed and stole more sensitive data from users’ devices.
What can you do to protect yourself against such malicious extensions?
- Never install extensions that have bad or no ratings.
- Read the reviews, the description and the access permissions the extension wants to have on your device.
- Immediately report to Google if you think any extension is not doing its job and is more interested in your data.
- Use a VPN to encrypt your data traffic.
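
For the permission check in the list above, here is an added example (not from the original article or from Cisco's research) that reads an extension's manifest.json and flags the permissions that make the behaviour described here possible: reading visited URLs and page titles, reading cookies, and redirecting traffic. The manifest keys and permission names are Chrome's own; the function names, the choice of which permissions to flag and the sample manifest are assumptions made for this example.

```python
import json
from pathlib import Path

# Chrome API permission -> what it lets an extension do.
RISKY_APIS = {
    "tabs": "read the URL and title of every open tab",
    "history": "read browsing history",
    "webNavigation": "observe every page navigation",
    "cookies": "read and write cookies for permitted hosts",
    "webRequest": "observe network requests",
    "declarativeNetRequest": "block or redirect network requests",
}
# Host match patterns that cover every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Return sorted findings for one parsed manifest.json (MV2 or MV3)."""
    requested = set()
    # MV2 mixes API names and host patterns in "permissions";
    # MV3 moves host patterns to "host_permissions".
    for key in ("permissions", "optional_permissions", "host_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts get page access through their own "matches" list.
    for script in manifest.get("content_scripts", []):
        requested.update(script.get("matches", []))
    findings = [f"{p}: {RISKY_APIS[p]}" for p in requested if p in RISKY_APIS]
    findings += [f"{h}: access to all sites" for h in requested & BROAD_HOSTS]
    return sorted(findings)


def audit_extensions_dir(ext_dir):
    """Audit every <id>/<version>/manifest.json under a profile's Extensions folder."""
    report = {}
    for path in Path(ext_dir).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        findings = audit_manifest(manifest)
        if findings:
            report[path.parent.parent.name] = findings  # keyed by extension ID
    return report


# Constructed sample manifest (not taken from any real extension).
SAMPLE = {"manifest_version": 2, "name": "Sample Coupon Helper",
          "permissions": ["tabs", "cookies", "storage", "<all_urls>"],
          "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]}
```

To audit installed extensions, pass `audit_extensions_dir` the `Extensions` folder inside the profile path shown on `chrome://version`. A flagged permission is not proof of malice, only a prompt to ask whether the extension's stated purpose needs that much access.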