Fake VPN browser extension compromised more than 1.5 million people – VPN Compare

The Internet is home to many malicious and dangerous things, as quite a few VPN users seem to have discovered to their cost, according to new research from ReasonLabs.

ReasonLabs has discovered three Chrome extensions that posed as VPN extensions but acted as browser hijackers, refund hacking tools and data stealers.

What's even more worrying is that these malicious extensions have been downloaded over one and a half million times!

Widespread impact of malicious extensions

According to ReasonLabs, the fake VPN extensions were spread through a hidden installer in pirated versions of popular computer games. Some of the games they have named include Grand Theft Auto, Assassin's Creed and The Sims 4.

These versions of the games were most likely downloaded via torrents rather than from legitimate sites.

ReasonLabs also named the malicious extensions as netPlus (a total of 1 million installations), netSave and netWin (500,000 installations between them).

According to ReasonLabs research, the majority of these downloads were made in Russia and other Russian-speaking countries, including Ukraine, Belarus, and Kazakhstan.

There has been no suggestion as to why the Russian-speaking world has been targeted, although Russia's illegal invasion of a democratic European state in Ukraine hasn't exactly won it many friends around the world.

Malware protection

ReasonLabs discovered more than a thousand different torrent files containing the malicious installer. Once the torrent had been downloaded, the VPN extensions were installed automatically, and the user had no way around it because the installation took place at the registry level and did not require any user input.

Once downloaded, the malicious extensions used a realistic VPN user interface with a very limited degree of functionality. They even included a paid subscription option, which was designed to create a feeling of authenticity.

Once installed, the extensions were able to steal user data, perform browser hijacking, manipulate web requests, and even disable other extensions that were being used in the browser.

Another interesting feature was the ability to disable coupon and rebate extensions, which is believed to be aimed at eliminating competition and redirecting more profits to Chinese hackers.

According to the ReasonLabs report, the malicious extensions target more than 100 cashback extensions, and some of the names mentioned include Avast SafePrice, AVG SafePrice, Honey: Automatic Coupons & Rewards, LetyShops, Megabonus, AliRadar Shopping Assistant, Yandex.Market Adviser, ChinaHelper and Backlit.

Before publishing this report, ReasonLabs informed Google of its findings and all malicious extensions have been removed from the Chrome Web Store.

But with over 1.5 million downloads, this report only serves to highlight the enormous risks involved with Chrome extensions.

Users should always be careful what they download, look for reviews and information, and never download torrents like this.

If you are afraid you may have already downloaded one of these VPN extensions, review your extensions carefully and remove any that seem unreliable. But to completely clean your device of any malicious extensions, it may be necessary to completely format the hard drive.
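One way to review installed extensions in bulk, as an added example that is not taken from the ReasonLabs report or this article: the script reads each extension's manifest.json and flags permissions that would enable the behaviours described above. The mapping from permissions to behaviours is an assumed heuristic (the article does not list the permissions these extensions requested), and the extension ids and manifests in the sample are constructed.

```python
import json
import tempfile
from pathlib import Path

# Assumed heuristic: Chrome permissions that would enable the behaviours the article lists.
RISKY = {
    "management": "can disable or remove other extensions",
    "webRequest": "can observe and manipulate web requests",
    "declarativeNetRequest": "can block or redirect web requests",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return findings for one parsed manifest.json (empty list = nothing flagged)."""
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    findings = [f"{p}: {why}" for p, why in RISKY.items() if p in perms]
    if perms & BROAD_HOSTS:
        findings.append("broad host access: can read and change data on every site")
    return findings

def audit_profile(extensions_dir):
    """Scan <Extensions>/<id>/<version>/manifest.json and map extension id -> findings."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            findings = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError):
            findings = ["manifest unreadable: inspect manually"]
        if findings:
            report[path.parts[-3]] = findings
    return report

def build_sample(root):
    samples = {  # constructed manifests: an over-privileged fake "VPN" and a benign extension
        "aaaa": {"name": "Sample VPN", "permissions": ["management", "webRequest", "proxy"],
                 "host_permissions": ["<all_urls>"]},
        "bbbb": {"name": "Sample Notes", "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(root) / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit_profile(tmp))
```

On a real machine, point `audit_profile` at the Chrome profile's `Extensions` folder (on Windows, typically `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`). A flagged permission is a prompt for manual review, since legitimate extensions request these permissions too.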
