Malicious Chrome extensions on the rise

Malicious Chrome extensions on the rise

Summary: Kaspersky Lab has observed in increase in the use of malicious Chrome extensions to compromise users. The latest pose as a Facebook video.

TOPICS: Security, Browser, Google

According to Fabio Assolini, Senior Security Researcher at Kaspersky Lab, attackers are increasingly using malicious Google Chrome extensions to compromise users.

Assolini specifically cites a one such example currently masquerading as a Facebook video. The malware, which is Turkish in origin and targeted at Italian users, hijacks users' Facebook accounts and web browsers. Assolini says they have also seen variants in Latin America.

Users don't use enough good sense when applying extensions in a browser, according to Asssolini.  Extensions are highly-privileged, and they have access to all the data, passwords and websites visited by the user. As he described in a blog on earlier versions of this problem in January of this year, Kaspersky has seen malicious Chrome extensions hosted in the official Chrome Web store, and reports of them go back much further.

Google has, over time, modified Chrome in order to make such attacks more difficult by eliminating the ability to install extensions outside of the store and removing the possibility of silent installation. Kaspersky recommends that users scrutinize the permissions requested by the app at install time, although non-experts are not in a position to judge which permissions are appropriate.

Kaspersky products detect and block such attacks, according to the company.

The dialog box in this image, according to Kaspersky, tells the user they should update their Google Chrome.


Topics: Security, Browser, Google

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Not surprised

    A company wants you to buy there software.

    “Users don't use enough good sense when applying extensions in a browser”
    • Really!?

      Didn't say the opposite when it was for IE and add-on issues?
      Ram U
  • Re: Malicious Chrome extensions on the rise....

    For those running Google Chrome on Windows only one piece of advice switch back to Internet Explorer. Yes it used to be a poor browser up to and including IE8.

    But from IE9 onwards it is one of the best web browsers out there and better than the once impressive Firefox.

    Granted Google Chrome is an excellent fast browser but if there are security issues is it worth taking risks.

    I think not.
    • Or, simply, run the Chrome browser commando

      Meaning with no extensions.

      The Chrome browser supports easy whitelisting of one's frequently-visited, legitimate web sites for JavaScript execution. All remaining web sites are not allowed to run JavaScript. Whereas Internet Explorer only has this feature for Windows server OSs via the Enhanced Security Configuration (ESC) for IE. Thus, with Chrome, a user can have increased security by maintaining their own whitelisted web sites for JavaScript while also getting the benefit of Google's blacklisted (read malicious) web sites.

      Not to mention that Chrome ships with both the Flash Player and PDF reader (built with the Foxit Software SDK) plug-ins which are transparently kept up to data as well as sandboxed. With IE, this is only available in Windows 8.

      In addition, there are still lots of Windows XP users out there. The Chrome browser is sandboxed on Windows XP. No version of IE is sandboxed on Windows XP.

      Given the choice between Chrome and IE for web browsing, Chrome with no extensions wins hands down.
      Rabid Howler Monkey
      • Right....

        Chrome with no extensions. That covers 0.02% of users.
  • Good to know

    Wow, had no idea about this.. I'm not always as careful as I should be, and I download all kinds of extensions for torch browser. Let's hope they don't target US users.
  • Opera is more secure

    Opera doesn't get malware.
    Tim Acheson
    • Even using

      Chrome extensions on it?
    • Opera doesn't get malware.

      it may now!
  • Ya

    This is really not surprised. With every update, Chrome fixes a dozen or so vulnerabilities. Of course 2-4 weeks later another update is out to fix the vulnerabilities in the previous up.
    No wonder why Chrome had more vulnerabilities than all Microsoft products combined [see the GFI web site] and was the #2 most vulnerable browser [Safari was #1] in 2012 [see report by Secuna or Symantec].
    Malicious writers are taking advantage of sloppy programming and QC by Google.
  • Google hasn't blocked external extensions

    "Google has, over time, modified Chrome in order to make such attacks more difficult by eliminating the ability to install extensions outside of the store and removing the possibility of silent installation."

    Except that this isn't true...third party extensions CAN still be installed and activated silently by modifying Chrome's preferences file directly. Any windows installer can accomplish this once granted's absurdly easy...So malicious extensions don't even need to hide themselves on the Chrome store to infect your PC, they can be hidden in any installer and can use this rather easy exploit to install and activate themselves. They could even re-install themselves after you delete them...

    Chrome and Firefox both need to lock down these exploits.
    • False

      This is false; Google Chrome alerts (yellow config icon) when some extension is installed this way and after click the alert there are 2 big buttons: Keep the extension or remove it.