Google has removed over 500 malicious Chrome extensions from its Web Store following an investigation by a security researcher and Cisco’s Duo Security.
After a two-month investigation, security researcher Jamila Kaya, in collaboration with Cisco’s Duo Security team, identified hundreds of extensions active on hundreds of thousands of Chrome installations that are injecting malicious ads within browsing sessions.
The extensions were part of a huge malware operation, active for at least two years or more, injecting conditionally-activated malicious code and redirecting users to specific sites. In many cases, the sites were actually legitimate, but some destinations were phishing pages, or pages containing malware.
According to the Duo Security report, the browser extension fraud network affected millions of users, and the group behind it was probably active since the early 2010s. To uncover it, independent security researcher Jamila Kaya used CRXcavator – an automated Chrome extension security assessment tool released by Cisco’s Duo Security engineers.
Google responded swiftly to the report and validated findings before fingerprinting the extensions that were identified.
This also allowed its teams to search the full Chrome Web Store and discover more than 500 related extensions.
“We appreciate the work of the research community, and when we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” said a Google spokesperson.
“We do regular sweeps to find extensions using similar techniques, code, and behaviors, and take down those extensions if they violate our policies.”
You might also like
More from Google
Google Meet Introduces Data Saver Mode
Google Meet has a new feature that will help you save battery power by restricting data and decreasing the power …
Google Shuts Down Its Mobile Shopping Apps
Google is pulling the plug on its mobile shopping apps for both iOS and Android and redirecting users to its …
Google Maps Will Soon Suggest More Eco-Friendly Routes
As part of Google's commitment to helping users reduce their environmental footprint, Maps will soon default to routes that have …
Google Makes It Easier To Find Shared Files On Drive
Google is updating search operators in Google Drive to make it easier to find shared files.
Google Now Lets You Snooze Calendar Desktop Notifications
Google is rolling out a new feature that lets you snooze your desktop Google Calendar notifications.
Google Calendar Now Lets You Split Your Workday Into Segments
Google Calendar is introducing work hour segmentation and repeating out-of-office replies to help you organize your hectic schedule.
Google Photos Gets A New Video Editor
After launching its new photo editor on Android last year, Google Photos is now rolling out a new video editor …
Chrome Now Mutes Notifications When You Are Sharing Your Screen
Chrome is giving users more privacy and fewer distractions, by muting web notifications while screen sharing.
Google Now Lets You Check Your Video And Sound Before Joining A Meet Call
Google has announced a new feature that lets you quickly preview how you look on camera before going on a …