Key Highlights :
Google recently removed 32 malicious extensions from the Chrome Web Store, totalling 75 million downloads, that could alter search results and push spam or unwanted ads. According to BleepingComputer, the extensions included legitimate functionality to keep users unaware of the malicious behaviour, which was delivered in obfuscated code.
The malicious extensions were able to alter search results, push spam, and inject unwanted ads into webpages. The malicious code was disguised as a legitimate API wrapper, and allowed the “serasearchtop[.]com” domain to inject arbitrary JavaScript code into any website the user visited.
The malicious code was set to activate 24 hours after installation, which is typical of malicious intent. Google has also blocked the notorious CryptBot malware, which the company claims have stolen data from hundreds of thousands of Chrome browser users in the past year. CryptBot is a type of malware often referred to as an ‘infostealer’ because it is designed to identify and steal sensitive information from victims’ computers such as authentication credentials, social media account logins, cryptocurrency wallets, and more.
Google's removal of these malicious extensions is a welcome move, as it helps protect users from malicious actors and keeps their data secure. Google is taking measures to ensure that the Chrome Web Store is a safe and secure place for users to download extensions, and is actively monitoring the store for malicious extensions.
Users should be aware of the potential risks of downloading extensions from the Chrome Web Store and should only download extensions from trusted sources. Additionally, users should always keep their web browsers up to date to ensure that they are protected from the latest security threats.