Malicious Chrome extensions promoted via Facebook
Posted on 01.02.2013
Malicious Chrome extensions are lurking on the official Chrome Web Store, warns Kaspersky Lab Expert Fabio Assolini, and the campaign for leading users to them starts on Facebook.

The messages appear on compromised accounts, tag several of the victims' friends, include a link to a page hosted on one of several .tk domains, and offer no explanation.

The domains host a webpage in Turkish, urging visitors to download a bogus Google Chrome update and to install a "Chrome Guncellemesi" ("Chrome Update") extension:

Those who opt to do so are redirected to the official Chrome Web Store, where the bogus extension is hosted:

The extension's permissions show that its definitely not benign, as it can access the users' data on all websites; read and modify their browsing history; access their tabs and browsing activity; manipulate settings that control websites' access to cookies, JavaScript, and plugins; and more - and that's not all.

"After installation on a user's computer the extension does a number of malicious things; such as doing the action 'like' on several profiles of users and company pages, as part of a scheme to sell 'likes'. It can also control your Facebook profile entirely, collect cookies, post in your wall, etc," warns Assolini.

Even though Google has been informed of this and they have removed the extension in question from their web store, others are sure to pop up eventually.

Since Google stopped allowing the installation of extensions that are not hosted on the official web store and made silent installations impossible, cybercriminals have been left with no other option but trying again and again to plant their malicious extensions in Google's store.


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th