10 July 25, 09:17
Quote: What happens when 18 malicious add-ons are distributed on the Chrome Web Store and Microsoft Edge Add-ons? Chaos! Security researchers at Koi Security have published a report about what happened.
Normally, when we hear about malicious extensions, they are usually the sort of hastily thrown-together garbage which does nothing. Not this time: the add-ons involved did what they promised, i.e. if it was a color picker extension, it worked like one. The issue is, these extensions were also Trojan horses, which silently hijacked the browser and spied on you, while maintaining a backdoor for the hackers. Apparently, these add-ons stayed harmless for years before they became malicious through a version update.
Koi began investigating an extension called Color Picker, Eyedropper — Geco colorpick, and found that it was merely one of many such malicious add-ons. The researchers say this was a coordinated effort called "The RedDirection campaign". The attackers used a rogue army of 18 sophisticatedly crafted malicious extensions across the Chrome and Edge stores to hijack browsers, and managed to infect 2.3 million users across both browsers. Yikes!
Interestingly, the add-ons were distributed in various categories, like VPN, weather forecasts, YouTube-related, etc. Some of them had achieved verified status, or had been promoted as "featured extensions" on both the Chrome Web Store and the Microsoft Edge Add-ons store. Each of these malware had its own command-and-control subdomain, to mask the fact that they were operating from the same centralized attack infrastructure.