Researchers Discover Malicious Chrome Extensions Disguised as Fake VPN

ReasonLabs cybersecurity researchers have discovered three fake Chrome extensions that masquerade as VPNs. Just as it is easy to be fooled by ads on the Internet, the same goes for web browser extensions you mindlessly download to your PC.

According to the latest report, this new security incident has already affected more than 1.5 million users around the world.

Misleading Origins of Fake Chrome Extensions

(Photo: Rubaitul Azad from Unsplash)
The latest research from ReasonLabs, a cybersecurity company, revealed that fake Chrome extensions disguised as VPNs steal data from your computer.

Disguised as VPNs, the malicious extensions, namely netPlus (1 million installs), netSave and netWin (500,000 installs), infiltrated users' browsers via an installer hidden inside pirated copies of popular video games like Grand Theft Auto, Assassin's Creed and The Sims 4. These infected copies of the games are distributed through torrent sites, posing a significant risk to unsuspecting users.

Primarily focusing on Russia and neighboring countries such as Ukraine, Kazakhstan and Belarus, the malicious campaign strategically targets Russian-speaking users. This geographic concentration emphasizes cybercriminals' intent to exploit specific regions.


Automated infections: silent registry-level installation

According to BleepingComputer, the infection process is automated and forced, and occurs at the registry level without any user interaction or requirement. The installer, which ranges in size from 60 MB to 100 MB, leverages over a thousand different torrent files to deliver the malicious payload, facilitating widespread distribution.

Imitation of legitimate VPN services

To create a façade of authenticity, the malicious extensions employ a realistic VPN user interface, complete with some features and a paid subscription option. This deceptive approach aims to trick users into believing they are using legitimate VPN services, adding a layer of complexity to the cyber threat.

Exploiting DOM access and browser functions

Code analysis reveals that the malicious extensions request extensive permissions, including access to "tabs," "storage," "proxy," "webRequest," and more. In particular, abuse of the "offscreen" permission allows the malware to execute scripts via the Offscreen API, surreptitiously interacting with the current DOM of the web page. This increased access allows the extensions to carry out various malicious activities.

The malicious extensions go beyond conventional threats and engage in data theft, browser hijacking, and even disabling other installed browser extensions. This multifaceted approach allows cybercriminals to manipulate web requests, compromise user data, and eliminate competition by disabling coupon and rebate extensions.

A call for vigilance and routine controls

Clearly, ReasonLabs wants users to be careful when using web browser extensions. The recent critical issue only shows that your data can be compromised even without your knowledge.

As part of the precautionary measure, users are urged to periodically inspect installed extensions and check for new reviews on the Chrome Web Store to identify and report malicious behavior. Confusing extension behavior requires proactive measures to protect against evolving cyber threats, ensuring a safe browsing experience for everyone.
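One way to carry out the periodic inspection described above, as an added example that is not code from ReasonLabs or from this article: a Python audit that reads each installed extension's manifest.json and flags the permissions named earlier (tabs, storage, proxy, webRequest, offscreen). The `<extension id>/<version>/manifest.json` layout is that of Chrome's per-profile Extensions folder; the `management` entry, the review combination and the sample manifests are assumptions of this example.

```python
import json
import tempfile
from pathlib import Path

# Permissions the article lists for the fake VPN extensions.
PAGE_PERMISSIONS = {"tabs", "storage", "proxy", "webRequest", "offscreen"}
# Added by this example, not listed on the page: "management" gates the API
# an extension would need to disable other installed extensions.
WATCHED = PAGE_PERMISSIONS | {"management"}
# Proxy control, request interception and hidden script execution together.
REVIEW_COMBO = {"proxy", "webRequest", "offscreen"}

def audit_manifest(manifest: dict) -> dict:
    """Report which watched permissions a manifest requests."""
    requested = set()
    for key in ("permissions", "optional_permissions"):
        # Keep strings only; skip any non-string entries.
        requested |= {p for p in (manifest.get(key) or []) if isinstance(p, str)}
    return {"name": manifest.get("name", "<unnamed>"),
            "hits": sorted(requested & WATCHED),
            "review": REVIEW_COMBO <= requested}

def scan_extensions(root: Path) -> dict:
    """Audit every <root>/<extension id>/<version>/manifest.json."""
    results = {}
    for path in sorted(root.glob("*/*/manifest.json")):
        key = f"{path.parent.parent.name}/{path.parent.name}"
        try:
            text = path.read_text(encoding="utf-8-sig")
            results[key] = audit_manifest(json.loads(text))
        except (OSError, ValueError, AttributeError) as exc:
            results[key] = {"error": str(exc)}  # unreadable or corrupt manifest
    return results

def demo() -> dict:
    """Scan two constructed manifests (not the real extensions' files)."""
    samples = {
        "a" * 32: {"name": "Constructed VPN", "permissions":
                   ["tabs", "storage", "proxy", "webRequest", "offscreen"]},
        "b" * 32: {"name": "Constructed Notes", "permissions": ["storage"]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, manifest in samples.items():
            target = Path(tmp) / ext_id / "1.0.0_0"
            target.mkdir(parents=True)
            (target / "manifest.json").write_text(json.dumps(manifest))
        return scan_extensions(Path(tmp))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

To audit a real profile, pass `scan_extensions` the profile's Extensions directory; a `review` value of true means the extension warrants a manual look, not that it is malicious.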


ⓒ 2023 TECHTIMES.com All rights reserved. Not to be reproduced without permission.

