In a shocking discovery, a group of Chrome extensions has been found inserting malicious codes in Google and Bing search results. 295 Chrome extensions downloaded by more than 80 million users have been found sabotaging results, although, the number might include bots as well.
Discovered by AdGuard, a firm that offers ad-blocking solutions stumbled upon the malicious Chrome while investigating a cluster of fake ad-blocking Chrome extensions on the Chrome Extension store.
As per a report by AdGuard, most of the extensions presented themselves as ad-blocking extensions, whereas some were present on the official Chrome Extension Store as extensions to forecast weather and take a screenshot. The fake ad-blocking extensions tried to snoop on users using ‘Cookie stuffing’ and ‘ad fraud.’ Interestingly, at least six such fake extensions were re-using the same code that was found in a host of Chrome extensions exposed last year.
What makes these malevolent Chrome extensions even more dangerous is the fact that they can change behavior at any point in time without any update and start doing whatever they like. This is because these extensions use third-party codes loaded from a remote server and controlled by the owners. These codes could be changed at any point in time, and it doesn’t require any update.
80M people scammed by fake ad blockers in @googlechrome Web Store. The worst thing is, there's nothing new: malicious extensions either reappear or don't get removed at all. Why? We're trying to find answers: https://t.co/YIXg5NcALO
— A ..
Support the originator by clicking the read the rest link below.
