Infected Chrome extensions: 32 dangerous modules to remove urgently
Be careful with the extensions you add to your web browser! Security researchers have discovered 32 Chrome add-ons that hijack search results and display advertisements.
Extensions for web browsers such as Google Chrome, Mozilla Firefox, Microsoft Edge, or Safari are very useful. These add-ons, also known as plug-ins, provide features that are not included by default in the browser, such as ad-blocking, PDF conversion, task list management, spelling and grammar checking, and more.
However, be cautious when downloading them, even from official stores, as some may contain malicious code. This is the case with 32 infected extensions recently identified by Avast security researchers on the Chrome Web Store.
These are not obscure extensions: they have nearly 75 million downloads and do deliver the services they promise. On top of that, however, and particularly deviously, they modify search results to display sponsored links and paid results, distribute spam or unwanted advertisements, and sometimes redirect users to dangerous websites!
Chrome Extensions: Redirects and Search Result Hijacking
Wladimir Palant, a cybersecurity researcher, published an article in mid-May explaining his analysis of the PDF Toolbox extension, available on the Chrome Web Store with 2 million downloads. He discovered that it contained malicious code that allowed the "serasearchtop[.]com" domain to inject arbitrary JavaScript code into any website visited by the user.
This opens up possibilities for abuse, ranging from displaying ads to stealing sensitive information. While Wladimir Palant did not observe any malicious activity at first, he noticed that the code was activated 24 hours after the extension was installed, a behavior commonly found in malware.
In a new article, Wladimir Palant reports that he investigated further and discovered the same code, as well as two variations, in 18 other Chrome extensions (including Autoskip for YouTube, Soundboost, Crystal Ad block, Brisk VPN, Clipboard Helper, and Maxi Refresher), totaling 55 million downloads. Again, the researcher did not observe any malicious behavior, but numerous reports and user comments on the Web Store indicated that these extensions were performing redirects and search result hijacking. Here is the list of the affected extensions:
- Autoskip for Youtube
- Soundboost
- Crystal Ad block
- Brisk VPN
- Clipboard Helper
- Maxi Refresher
- Quick Translation
- Easyview Reader view
- PDF toolbox
- Epsilon Adblocker
- Craft Cursors
- Alfablocker ad blocker
- Zoom Plus
- Base Image Downloader
- Clickish fun cursors
- Cursor-A custom cursor
- Amazing Dark Mode
- Maximum Color Changer for Youtube
- Awesome Auto Refresh
- Venus Adblock
- Adblock Dragon
- Read Reader mode
- Volume Frenzy
- Image download center
- Font Customizer
- Easy Undo Closed Tabs
- Screen screen recorder
- OneCleaner
- Repeat button
- Leap Video Downloader
- Tap Image Downloader
- Qspeed Video Speed Controller
- HyperVolume
- Light picture-in-picture
In addition to the 32 malicious extensions identified by Wladimir Palant, Avast has published a list of about 82 infected add-ons that should be urgently uninstalled, providing their unique identifiers to avoid any confusion over names. Google has removed the reported extensions from the Chrome Web Store, as reported by BleepingComputer. However, it is also crucial to uninstall them from the devices on which they were downloaded.
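One way to check a machine for the names listed above, as an added example (not code from Avast, Wladimir Palant or the original article): it walks a Chrome profile's `Extensions` directory and resolves each manifest's localized name before comparing. The function names and the fixture are assumptions made for this illustration.

```python
import json
import tempfile
from pathlib import Path

# Names copied from the list above; compared case-insensitively.
FLAGGED = {n.strip().casefold() for n in """
Autoskip for Youtube; Soundboost; Crystal Ad block; Brisk VPN; Clipboard Helper;
Maxi Refresher; Quick Translation; Easyview Reader view; PDF toolbox; Epsilon Adblocker;
Craft Cursors; Alfablocker ad blocker; Zoom Plus; Base Image Downloader;
Clickish fun cursors; Cursor-A custom cursor; Amazing Dark Mode; Awesome Auto Refresh;
Maximum Color Changer for Youtube; Venus Adblock; Adblock Dragon; Read Reader mode;
Volume Frenzy; Image download center; Font Customizer; Easy Undo Closed Tabs;
Screen screen recorder; OneCleaner; Repeat button; Leap Video Downloader;
Tap Image Downloader; Qspeed Video Speed Controller; HyperVolume; Light picture-in-picture
""".replace("\n", " ").split(";")}

def load(path):
    try:
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}

def display_name(vdir, manifest):
    # Manifests usually hold a __MSG_key__ placeholder; resolve it via _locales.
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        for key, val in load(vdir / "_locales" / locale / "messages.json").items():
            if key.casefold() == name[6:-2].casefold():
                return val.get("message", name)
    return name

def audit(extensions_root):
    # On-disk layout: <Extensions>/<extension id>/<version>/manifest.json
    found = ((mf.parent.parent.name, display_name(mf.parent, load(mf)))
             for mf in Path(extensions_root).glob("*/*/manifest.json"))
    return sorted(h for h in found if h[1].strip().casefold() in FLAGGED)

def build_sample(root):  # constructed fixture: fake extensions, placeholder IDs
    for ext_id, msg in (("a" * 32, "PDF Toolbox"), ("b" * 32, "Example Notes")):
        loc = Path(root) / ext_id / "1.0_0" / "_locales" / "en"
        loc.mkdir(parents=True)
        (loc / "messages.json").write_text(json.dumps({"appname": {"message": msg}}))
        (loc.parents[1] / "manifest.json").write_text(
            json.dumps({"name": "__MSG_appName__", "default_locale": "en"}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit(tmp))
```

Point `audit()` at a real profile's `Extensions` directory to use it. Names are not unique, so treat a hit as a lead and confirm it against the identifiers Avast published.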