 |
| Google removes more than 500 harmful additions to the Chrome browser |
A two-month joint investigation by the Cisco Duo Security team and Jamila Kaya security researcher concluded that Google has removed more than 500 additional harmful browser functionality from official internet stores, and these units inject malicious ads and pull user data under the attacker's control on the server.
These extensions are part of the advertising and fraud campaign that started at least since January 2019. However, there is evidence that program authors may have been active since 2017, and the research team also believes that the team organizing this process may have been active since 2010.
According to the investigation, 70 of these attachments have been installed more than 1.7 million times. When this discovery was shared with Google, the company identified the most complicated 430 extensions in the browser and they were all disabled.
"As long as tracking-based ads are ubiquitous, especially when users remain unprotected, malicious ads will continue to appear as a vector of growth to grow," said Jacob Rickerd of the Cisco Duo Security team.
Researchers are using a tool called CRXcavator to evaluate the security of the Duo Security Chrome add-on. This tool can be used to secure browser plug-ins by secretly connecting the browser client to the attacker's control server, and possibly the attacker. Unknown to the user. Extracting private browser data under certain conditions.
These plugins are used as plugins for promotions and advertising services and contain almost the same source code, but they work under different names so you can remove malware and the malware search mechanism for that. Chrome Web Store
Not only does the plugin require full access to the plugin to access the clipboard and all cookies stored locally in the browser, but it also regularly links to websites with the same name as the plugin to check instructions for uninstalling the browser,
It is worth noting that this is not the first time that a Chrome browser plug-in has been stolen, as security researcher Sam Jadali announced in July last year that the Google Chrome Plug-in installed by millions of users resulted in a large amount of data DataSpii is called a leak.