Did you know? From Torrents to Trojans: The Infiltration of 1.5 Million Devices by Shady Chrome Extensions
Three tricky Chrome extensions, pretending to be VPNs, snuck into 1.5
million devices, playing both browser tricksters and data grabbers.

The extensions, named netPlus (with 1 million installs), netSave, and netWin (500,000 installs), were cleverly hidden in an installer
tucked into pirated versions of hot video games like Grand Theft Auto,
Assassin's Creed, and The Sims 4, floating around on torrent sites.

ReasonLabs, the watchful eye, quickly informed Google about these sneaky behaviors,
and the extensions got kicked out of the Chrome Web Store, but not before leaving
a mark with 1.5 million downloads. Their main target? Russian-speaking
users, with most infections popping up in Russia, Ukraine, Kazakhstan,
and Belarus.

These crooked extensions slide in through a sly Electron app in the
installation process, weighing in at between 60MB and 100MB, cunningly
hidden in over a thousand sneaky torrent files. Installation is forced
quietly at the registry level, automatic and mandatory, so users don't
have to lift a finger.

Checking out the code reveals these browser extensions can do a lot,
requesting access to "tabs," "storage," "proxy," "webRequest," and more.
They pretend to be legit VPNs, with a
paid option and a realistic look to fool you.

Taking advantage of the 'offscreen' permission, the bad actors can quietly mess with the
web page's insides, running scripts and pulling strings. With all this
access, they can swipe your secrets, hijack your browser, and even shut
down other extensions you've installed.

What's interesting is they're not picky. These extensions mess with over 100 money-saving and
coupon-related extensions, like Avast SafePrice, AVG SafePrice, Honey,
and more. They chat with command and control servers, swapping info,
figuring out who's who, and quietly lifting sensitive stuff.

This report shouts about how risky browser extensions can be, always hiding
their true selves. Checking your extensions and peeking at Chrome Web
Store reviews can help dodge these digital tricks. Keep your eyes
peeled, readers.
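
One way to do the extension check suggested above, as an added example that is not from the original article or from ReasonLabs: it reads each installed extension's manifest.json and flags any that ask for "proxy" together with several of the other permissions the article names. The folder layout (extension id, then version, then manifest.json), the threshold, the inclusion of "management", and the two sample manifests are assumptions made for this illustration.

```python
import json
import tempfile
from pathlib import Path

# Permissions the article names for these extensions.
ARTICLE_PERMS = {"tabs", "storage", "proxy", "webRequest", "offscreen"}
# Not named in the article: Chrome's "management" permission is what lets an
# extension disable others, so it is included here as an assumption.
ASSUMED_PERMS = {"management"}
THRESHOLD = 4  # assumed cut-off: how many watched permissions raise a flag


def audit_manifest(manifest):
    """Return the watched permissions a manifest requests, plus a flag."""
    requested = set()
    for key in ("permissions", "optional_permissions"):
        requested |= {p for p in manifest.get(key, []) if isinstance(p, str)}
    hits = sorted(requested & (ARTICLE_PERMS | ASSUMED_PERMS))
    # A VPN needs "proxy"; the concern is proxy plus broad browser control.
    flagged = "proxy" in hits and len(hits) >= THRESHOLD
    return {"name": manifest.get("name", "?"), "hits": hits, "flagged": flagged}


def scan_extensions(root):
    """Audit every <root>/<extension id>/<version>/manifest.json."""
    results = {}
    for path in sorted(Path(root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        results[path.parts[-3]] = audit_manifest(manifest)
    return results


def demo():
    """Scan two constructed manifests (sample data, not real extensions)."""
    samples = {
        "aaaa": {"name": "Sample VPN", "manifest_version": 3, "permissions":
                 ["tabs", "storage", "proxy", "webRequest", "offscreen"]},
        "bbbb": {"name": "Sample Notes", "manifest_version": 3,
                 "permissions": ["storage"]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, manifest in samples.items():
            target = Path(tmp, ext_id, "1.0")
            target.mkdir(parents=True)
            (target / "manifest.json").write_text(json.dumps(manifest))
        return scan_extensions(tmp)
```

To use it on a real machine, pass the Extensions folder of a Chrome profile to scan_extensions() and review anything flagged by hand; a flag is a prompt to look closer, not a verdict.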