Researchers at Cato Networks have discovered two dozen malicious Google Chrome browser extensions and 40 associated malicious domains that are being used to introduce adware on victim systems, steal credentials, or quietly redirect victims to malware distribution sites.
The security vendor discovered the extensions on networks belonging to hundreds of its customers and found that they were not being flagged as malicious by endpoint protection tools and threat intelligence systems.
Etay Maor, senior director of security strategy at Cato Networks, says such extensions can pose risks for enterprise organizations. "Security researchers have found extensions performing malicious activity that ranged from stealing usernames and passwords to stealing financial data," he says. The theft of personal and corporate data is a real threat for organizations, and there have already been multiple instances of extensions doing so, he notes.
While malicious extensions are an issue with all browsers, the problem is especially significant with Chrome because of how widely used the browser is, Maor says. It's hard to say what proportion of the Chrome extensions currently available are malicious. It's important to note that only a relatively small number of malicious extensions are needed to infect millions of Internet users, he says.
One case in point was Awake Security's discovery last June of over 100 malicious Google Chrome extensions that were being used as part of a massive global campaign to steal credentials, take screenshots, and carry out other malicious activity. Awake Security estimated that there were at least 32 million downloads of the malicious extensions. In February 2020, Google researchers discover dozen malicious Chrome extensions