Malicious Chrome extensions on the rise

Summary:Kaspersky Lab has observed in increase in the use of malicious Chrome extensions to compromise users. The latest pose as a Facebook video.

According to Fabio Assolini, Senior Security Researcher at Kaspersky Lab, attackers are increasingly using malicious Google Chrome extensions to compromise users.

Assolini specifically cites a one such example currently masquerading as a Facebook video. The malware, which is Turkish in origin and targeted at Italian users, hijacks users' Facebook accounts and web browsers. Assolini says they have also seen variants in Latin America.

Users don't use enough good sense when applying extensions in a browser, according to Asssolini.  Extensions are highly-privileged, and they have access to all the data, passwords and websites visited by the user. As he described in a blog on earlier versions of this problem in January of this year, Kaspersky has seen malicious Chrome extensions hosted in the official Chrome Web store, and reports of them go back much further.

Google has, over time, modified Chrome in order to make such attacks more difficult by eliminating the ability to install extensions outside of the store and removing the possibility of silent installation. Kaspersky recommends that users scrutinize the permissions requested by the app at install time, although non-experts are not in a position to judge which permissions are appropriate.

Kaspersky products detect and block such attacks, according to the company.

Malicious-Google-Chrome-Extension
The dialog box in this image, according to Kaspersky, tells the user they should update their Google Chrome.

 

Topics: Security, Browser, Google

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.