Google confirmed that it has removed 34 malicious extensions from Chrome. This is not the first time Chrome has been found to have malicious extensions, and some of them may still be downloaded on some people’s devices. Here’s what we know so far.
How were the extensions discovered?
Cybersecurity expert Wladimir Palant discovered a malicious extension while analyzing the one known as PDF Toolbox, which has more than two million users. He uncovered a hidden code within the extension that had gone unnoticed for at least a year.
OLDER AMERICANS ARE BEING TARGETED IN A MALVERTISING CAMPAIGN
That prompted the multinational cybersecurity software company Avast to delve deeper into the issue. They found 32 malicious extensions and brought the news to Google, who then found two more, bringing the total to 34.
In total, the extensions were downloaded more than 75 million times and were capable of injecting ads into pages, cryptocurrency mining or collecting user data such as browsing profiles, online banking credential, or credit card information.
The 34 malicious extensions found in Chrome Web Store
Adblock Dragon
Alfablocker ad blocker
Amazin Dark Mode
Autoskip for YouTube
Awesome Auto Refresh
Base Image Downloader
Brisk VPN
Clickish fun cursors
Clipboard Helper
Cursor A custom cursor
Craft Cursors
Crystal Ad block
Easy Undo Closed Tabs
Easyview Reader view
Epsilon Ad blocker
Font Customizer
HyperVolume
Image download center
Leap Video Downloader
Light picture-in-picture
Maximum Color Changer for YouTube
Maxi Refresher
OneCleaner
PDF Toolbox
Quick Translation
Qspeed Video Speed Controller
Readl Reader mode
Repeat button
Screence screen recorder
Soundboost
Tap Image Downloader
Venus Adblock
Volume Frenzy
Zoom Plus
60 TOP GOOGLE PLAY APPS INFECTED WITH ANDROID MALWARE AFFECTING MILLIONS
How do I remove a malicious extension?
Use the Remove option
Open Chrome
Click the three vertical dots
Click Extensions
Select Manage Extensions
Find the extension you want to remove and click Remove
Click Remove again to confirm
WAS YOUR PRIVATE DATA BEING SOLD ON THIS DARK WEB MARKETPLACE
How do I protect myself from malicious extensions?
Along with the 34 malicious extensions, it is likely that there are far more that are active that have not yet been uncovered. You can take these steps to ensure that you’re not downloading any malicious extensions to your device and risking your information being stolen. Here are some of my tips.
Look at reviews thoroughly
Read reviews carefully before downloading anything to your device. If you notice many negative reviews, that’s never a good sign. And if you see positive reviews that are super-vague and don’t give specific details, those could be fake reviews that scammers have made up to try to lure people in. Use your judgment, and trust what your gut is telling you.
Stick to official app stores or trusted sources
Download extensions from reputable sources, such as official browser extension marketplaces, to reduce the risk of downloading malicious software.
Check for spelling and grammar errors
HOW TO IDENTIFY AND STOP APPS THAT ARE LISTENING TO YOU
Oftentimes, malicious extensions will have spelling and grammar errors. A legit extension would be thorough with its spelling and grammar to look more professional, and it wouldn’t repeat the same words over again. If you’re noticing a ton of mistakes in the name or description of the extension, take that as a red flag.
Keep your software up to date
Regularly update your operating system and web browser software to ensure that you have the latest security patches and protection against emerging threats.
Be cautious of permissions
Pay attention to the permissions and extension requests during installation. It may be a red flag if an extension asks for excessive or unnecessary permissions.
Have good antivirus software
The best step that you can take to protect yourself against malicious extensions is to have good antivirus software on all of your devices. Having antivirus software running on your devices will make sure you will be stopped from clicking on any malicious links or from downloading any files that will release malware into your device and potentially have your private information stolen. They will also help you to steer clear of any websites or phishing scam sites that could put your online safety at risk.
See my expert review of the best antivirus protection for your Windows, Mac, Android and iOS devices by visiting CyberGuy.com/LockUpYourTech
Kurt’s key takeaways
The discovery and removal of 34 malicious extensions from the Chrome Web Store highlight the ongoing issue of such threats in the browser. You should be cautious of permissions, look at reviews thoroughly, update your operating system and web browser software regularly and consider using antivirus software to protect yourself from these potentially harmful extensions. In the meantime, hopefully Google can quickly remove any remaining malicious extensions.
Do you think Google could do a better job removing malicious extensions more quickly? Let us know by writing us at CyberGuy.com/Contact
For more of my security alerts, subscribe to my free CyberGuy Report Newsletter by heading to CyberGuy.com/Newsletter.
Copyright 2023 CyberGuy.com. All rights reserved.