Security: What You Need to Know About the Latest Chrome Extension Malware Campaign

A massive undercover surveillance network was recently outed by the cybersecurity firm Awake Security. It’s serious enough that you should once again triple-check that you aren’t using shady extensions in your Chrome browser.

Awake Security found that over 60 percent of the web domains owned by the company GalComm are hosting malware and spying tools being used by at least 111 Chrome extensions that have been downloaded more than 32 million times—and that’s only counting those that were listed in the Chrome Web Store. Through these browser extensions, GalComm accessed millions of personal and corporate networks to collect massive amounts of data, and used sophisticated circumvention methods to avoid detection, despite the large scale of the operation.

The full list of all 111 malicious extensions can be found here. The list is a bit of a mess and it contains plenty of duplicates (all with different extension IDs), so we took some time to clean it up. Here are the extensions you’ll want to look for in your Chrome installation (accessible by navigating to Window > Extensions) and delete immediately if you find them:

  • browse-safer
  • browsing-protector
  • browsing-safety-checker
  • bytefence-secure-browsing
  • convertwordtopdf
  • doctopdf
  • easyconvert
  • easyconvertdefault-search
  • gofiletopdf
  • mydocstopdf
  • pdf2doc
  • pdf-ninja-converter
  • pdf-opener
  • quicklogin
  • quickmail
  • search-by-convertfilenow
  • search-by-convertpdfpro
  • search-manager
  • secured-search-extension
  • secure-web-searching
  • securify-for-chrome
  • thedocpdfconverter
  • theeasywaypro
  • thesecuredweb-protected-b
  • ttab
  • viewpdf

The extensions that made it onto Google’s store have been removed and many should be deactivated already, but you’ll need to uninstall any you side-loaded from non-Google sources.

How to keep your browser (and your data) safe from fake add-ons

This is one of the larger malware campaigns uncovered in a while. Using malicious browser extensions to spy on people isn’t anything new, but it’s becoming more common. The fact that so many extensions were implicated—and that most of them were available on Google’s Chrome Store—is alarming, but there are ways to keep yourself safe.

Stick to well-known sources

The safest practice you can employ when browsing the Chrome Web Store is to stick to well-known extensions made by verified publishers. Yes, that might limit you from downloading a super-cool-sounding extension that does that one thing you really, really were looking for, but it’ll also keep your data a lot safer.

Obviously, how much safety you’re willing to trade for comfort is your deal—and we recommend lesser-known extensions on occasion, too—but it’s one thing to trust a decent-sounding, solo developer with a good track record, and another thing entirely to download the first extension you see because it sounds interesting without paying attention to any other details about who created it (and what they want from you).

Screenshot: Brendan Hesse

The Chrome Extension store has a “By Google” search filter, useful for sticking to only first-party extensions, and Mozilla has a list of recommended Firefox add-ons that you can always trust if you don’t want to venture out into scarier waters.

If you do, it’s still best to confine your installations to extensions hosted on your browser’s official store. Companies like Google do their best to vet the add-ons they allow onto their digital marketplaces—but as Awake’s report shows us, it’s easy for shady developers to work around privacy policies and security features.

Still, there’s a higher likelihood an extension is legit if it is on your browser’s official add-on store, rather than if you’re downloading it from some random web page or pop-up ad—just make sure you’re downloading what you think you’re downloading: Check that the extension’s name, description and details all match up, and look to see if the extension’s reviews sound more planted than authentic. When in doubt, don’t install it—or go searching around for a more well-known alternative.

Check permissions

Like phone apps, you should be skeptical of any extensions that ask for permissions beyond their advertised use. Similarly, extensions that perform a redundant or unnecessary task should be avoided at all costs.

Pretty much every extension listed in Awake Security’s report asked for at least one sketchy or over-reaching permission. For example, many wanted to “take screenshots, read the clipboard, harvest credential tokens stored in cookies or parameters, grab user keystrokes (like passwords).”

An example of a fake extension asking to be downloaded from a pop-up ad.
Image: Awake Security

When you first add an extension to your browser, a notification will pop up listing what it is able to do. If you don’t feel comfortable with what it’s asking, click “Cancel” to stop the installation. And if you ever suspect an extension you’re using of malicious activity, report it immediately.
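
The following Python script is an added example, not code from the article or from Awake Security's report. It walks a Chrome profile's Extensions folder, flags display names that loosely match the article's list, and reports manifest permissions corresponding to the behaviours quoted above. The loose name matching, the choice of permissions, and the sample manifests are assumptions constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Store slugs from the article's list, hyphens dropped for loose matching.
FLAGGED = set("""browse-safer browsing-protector browsing-safety-checker
bytefence-secure-browsing convertwordtopdf doctopdf easyconvert
easyconvertdefault-search gofiletopdf mydocstopdf pdf2doc pdf-ninja-converter
pdf-opener quicklogin quickmail search-by-convertfilenow search-by-convertpdfpro
search-manager secured-search-extension secure-web-searching securify-for-chrome
thedocpdfconverter theeasywaypro thesecuredweb-protected-b ttab viewpdf
""".replace("-", "").split())
# Manifest permissions behind the behaviours quoted from the report.
RISKY = {"clipboardRead", "cookies", "tabCapture", "desktopCapture", "<all_urls>"}
ALL_HOSTS = {"*://*/*", "http://*/*", "https://*/*"}  # same reach as <all_urls>

def audit(extensions_dir):
    """Return (id, name, name_flagged, risky_permissions) per extension."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            m = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        perms = list(m.get("permissions", [])) + list(m.get("host_permissions", []))
        for script in m.get("content_scripts", []):  # implicit host access
            perms += script.get("matches", [])
        perms = {"<all_urls>" if p in ALL_HOSTS else p for p in perms if isinstance(p, str)}
        name = str(m.get("name", ""))  # "__MSG_...__" names are localized, unmatched
        flagged = re.sub(r"[^a-z0-9]", "", name.lower()) in FLAGGED
        findings.append((path.parts[-3], name, flagged, sorted(perms & RISKY)))
    return findings

def demo():
    """Audit two constructed manifests (sample data, not real extensions)."""
    samples = {
        "a" * 32: {"name": "PDF Opener", "permissions": ["cookies", "clipboardRead", "*://*/*"]},
        "b" * 32: {"name": "Example Notes", "permissions": ["storage"]},
    }
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in samples.items():
            ext_dir = Path(root, ext_id, "1.0_0")
            ext_dir.mkdir(parents=True)
            (ext_dir / "manifest.json").write_text(json.dumps(manifest))
        return audit(root)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

To check a real installation, pass `audit()` the profile's Extensions folder (on Linux, typically `~/.config/google-chrome/Default/Extensions`). A name match is a lead to verify by hand, since the report lists duplicates under different extension IDs and unrelated extensions can share a generic name.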

Look for a privacy policy

If an extension is able to access sensitive information and doing so is necessary based on the extension’s intended use, make sure the publisher’s privacy policy clearly outlines how said data is accessed, stored and protected. The privacy policy should be linked in the extension’s store description or available on the publishing company’s official website. If it’s unclear or you can’t find that information, then don’t install it.

And if you do find a privacy policy, should you trust it? Well, it’s not hard for a shady developer to say they’re respecting your privacy when they really aren’t, but the blatant omission of a policy is just one more data point you can use to weigh an extension’s trustworthiness.

Try open-source options

While our general recommendation is to stick with well-known, verified extensions, that doesn’t mean smaller third-party add-ons or unofficial download locations are inherently dangerous. However, they do need to be approached with extra caution. Many perfectly safe extensions are available from independent developers on places like the XDA forums or GitHub.

While you can’t take an extension’s presence on those platforms as an assurance they’re safe, these open-source projects often have transparent code and privacy policies that make them easier to vet. And if you have no idea what you’re looking for, do your research: Read some forums. Look at Twitter. Hit up Reddit. See if anyone else has raised any red flags about the extension you want to install before
