Malicious Chrome extensions promoted via Facebook
Posted on 01.02.2013
Malicious Chrome extensions are lurking on the official Chrome Web Store, warns Kaspersky Lab Expert Fabio Assolini, and the campaign for leading users to them starts on Facebook.

The messages appear on compromised accounts, tag several of the victims' friends, include a link to a page hosted on one of several .tk domains, and offer no explanation.

The domains host a webpage in Turkish, urging visitors to download a bogus Google Chrome update and to install a "Chrome Guncellemesi" ("Chrome Update") extension:

Those who opt to do so are redirected to the official Chrome Web Store, where the bogus extension is hosted:


The extension's permissions show that its definitely not benign, as it can access the users' data on all websites; read and modify their browsing history; access their tabs and browsing activity; manipulate settings that control websites' access to cookies, JavaScript, and plugins; and more - and that's not all.

"After installation on a user's computer the extension does a number of malicious things; such as doing the action 'like' on several profiles of users and company pages, as part of a scheme to sell 'likes'. It can also control your Facebook profile entirely, collect cookies, post in your wall, etc," warns Assolini.

Even though Google has been informed of this and they have removed the extension in question from their web store, others are sure to pop up eventually.

Since Google stopped allowing the installation of extensions that are not hosted on the official web store and made silent installations impossible, cybercriminals have been left with no other option but trying again and again to plant their malicious extensions in Google's store.






Spotlight

Android Fake ID bug allows malware to impersonate trusted apps

Posted on 29 July 2014.  |  Bluebox Security researchers unearthed a critical Android vulnerability which can be used by malicious applications to impersonate specially recognized trusted apps - and get all the privileges they have - without the user being none the wiser.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Jul 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //