The Google Chrome Web Store is the most popular destination for extensions, which lets users to extend the functionality of their browsers. For example, the Teleparty extension lets me host a Netflix party with friends, allowing us to watch the same show or movie simultaneously.
However, according to a new report from Kaspersky, you may want to be careful about what you download on the Chrome Web Store. Cybersecurity researchers discovered that the search-engine giant was inadvertently hosting over 30 malicious Chrome Extensions in the popular online store.
34 malicious Chrome Extensions invaded the Web Store
The malicious Chrome extensions were uploaded to the Chrome Web Store in 2021 and 2022. In other words, these extensions were sitting the Web Store for at least six months before cybersecurity researchers stepped in to analyze them for the aforementioned Kaspersky report.
Many of them are ad blockers and VPNs; take a look at the list below:
- Autoskip for Youtube
- Soundboost
- Crystal Adblock
- Brisk VPN
- Clipboard Helper
- Maxi Refresher
- Quick Translation
- Easyview Reader view
- PDF Toolbox
- Epsilon Ad blocker
- Craft Cursors
- Alfablocker ad blocker
- Zoom Plus
- Base Image Downloader
- Clickish fun cursors
- Cursor-A custom cursor
- Amazing Dark Mode
- Maximum Color Changer for Youtube
- Awesome Auto Refresh
- Venus Adblock
- Adblock Dragon
- Readl Reader mode
- Volume Frenzy
- Image download center
- Font Customizer
- Easy Undo Closed Tabs
- Screence screen recorder
- OneCleaner
- Repeat button
- Leap Video Downloader
- Tap Image Downloader
- Qspeed Video Speed Controller
- HyperVolume
- Light picture-in-picture
Fortunately, Google took them all down, but Kaspersky noted that it took two big-name cybersecurity firms, including itself, before the search engine giant took action to remove these malicious Chrome Extensions.
Among some of the reviews, there were complaints from users about the extensions swapping out addresses in search results with adware links, but according to Kaspersky, "ordinary users' complaints generally go unheeded."
What can these malicious extensions do?
Kaspersky said that browser extensions are breeding grounds for malicious cybercriminal activity because users give them high-level access. Most browser plugins ask your permission to read and change your data on all websites. In other words, ill-intentioned actors can see everything you do and follow all the sites you visit. Plus, they can change the contents of any page.
As such, malicious browser extensions can do the following
- Track your activity to collect and sell information about you
- Steal card details and account credentials
- Embed ads in web pages
- Substitute links in search results
- Replace the browser's home page with an advertising link
What's worse is that a browser extension may play an innocent game at first, but with the owner's command, it can transform into a malicious plugin.
How did these malicious Chrome Extensions get caught?
A Chrome extension named PDF Toolbox alarmed cybersecurity investigator Vladimir Palant when he, upon close inspection, discovered a suspicious extraneous functionality. It had the ability to access a site that "loaded arbitrary code on all pages viewed by the user," according to the Kaspersky report.
Interestingly, PDF Toolbox has a large user page, good reviews, two million downloads, and an average score of 4.2.
This deceptive Chrome extension impelled Palant to see if there were any more infected plugins hiding out in the Web Store, and of course, he found plenty — an additional 33 to be exact.
How to delete a Chrome Extension
Kaspersky said that Google's moderators do an awful job at vetting the security and safety of the extensions that it hosts in the Google Chrome Web Store. If you're concerned about an extension you currently have installed, here are the steps you can take to remove it:
1. Click on the the triple-dot Settings icon
2. Go to Extensions.
3. Click on Manage Extensions.
Here, you can click Remove on any suspicious extensions you feel have malicious intent.