Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Chrome Facebook Security

Malicious Chrome Extensions Infect Over 100,000 Users Again (arstechnica.com) 39

An anonymous reader quotes Ars Technica: Criminals infected more than 100,000 computers with browser extensions that stole login credentials, surreptitiously mined cryptocurrencies, and engaged in click fraud. The malicious extensions were hosted in Google's official Chrome Web Store. The scam was active since at least March with seven malicious extensions known so far, researchers with security firm Radware reported Thursday. Google's security team removed five of the extensions on its own and removed two more after Radware reported them. In all, the malicious add-ons infected more than 100,000 users, at least one inside a "well-protected network" of an unnamed global manufacturing firm, Radware said...

The extensions were being pushed in links sent over Facebook that led people to a fake YouTube page that asked for an extension to be installed. Once installed, the extensions executed JavaScript that made the computers part of a botnet. The botnet stole Facebook and Instagram credentials and collected details from a victim's Facebook account. The botnet then used that pilfered information to send links to friends of the infected person. Those links pushed the same malicious extensions. If any of those friends followed the link, the whole infection process started all over again. The botnet also installed cryptocurrency miners that mined the monero, bytecoin, and electroneum digital coins.

This discussion has been archived. No new comments can be posted.

Malicious Chrome Extensions Infect Over 100,000 Users Again

Comments Filter:
  • AI (Score:5, Insightful)

    by 110010001000 ( 697113 ) on Thursday May 10, 2018 @09:25PM (#56592696) Homepage Journal
    Good thing we have AI to protect us from running malicious programs. Surely AI is able to do that?
    • Good thing we have AI to protect us from running malicious programs. Surely AI is able to do that?

      Only if we implement blockchain though!

  • Edge... LOL (Score:5, Funny)

    by Lunix Nutcase ( 1092239 ) on Thursday May 10, 2018 @09:29PM (#56592708)

    This is why I only run Edge. You never have to worry about anyone wanting to write malware for it when only three of us use it.

  • by Anonymous Coward
    It cares about market share and tracking over the security of the user. Unfortunatley Firefox has also comprimised its values and therefore it’s extention safety for ads. This leaves users without a viable extention eco system because Edge and Safari extentions aren’t powerful enough and Pale Moon blocks extentions for political reasons. We need a powerful and secure extention system, we deserve better.
  • #rant I hate how many pointless message there are in so many pieces of software, I've actually been sitting with a user who was clicking Ok on Every box that came up and said "I just want it to work..." The problem was that one of the messages had a specific piece of text in it that I wanted so that I could fix the problem. So in amongst the chaff was some actual wheat. Perhaps we'll need to wait until the next generation (who've hopefully grown up knowing about code from primary school) comes along and kn
  • ... breeds dangerous all-powerful problems. As Chrome OS and chrome-style new-gen powerbrowsers and the neat and nifty open web gain more and more ground this is a problem that the company pushing the web - Google - will need to address. Thoroughly. If they don't want their plan to fall flat on its face that is.

    I personally find it very encouraging that the web has finally reached the power it once only had with the all-present Flash and where at the point where we can do basically anything on an open cross-platform technology. Stuff like this however I find discouraging. ... If you push to much of universal computing into the web, more and more malware pusher will adopt and problems like these are likely to increase. Google will have to work on containing this.

    • This has been going on for years and google knows it has too. A couple of years back I had a slashdot story posted about it. This problem was raised to board members within google and still there are malicious extensions within googles extension repository.

  • ...ones?
  • Is it time to give up on computers yet thanks to shitful humans? I am.
  • Can anyone tell me why the browser displays an "Install XYZ extension" dialog when loading a web page?
    We all know that people simply click on "Ok" no matter what is shown on these dialogs.

    It seems to me that the installation of an extension should be entirely manual: go to the extensions page, find the extension by its name, check the information, click on "Install the button", review options such as "give access to ", click on "Validate".

    I doubt that people would make this way easily; it would be likely to filter out many abuses.

    It's not like we need to install dozen extensions every day ; convenience features to help extension installation is useless & dangerous.

  • ...keep using Facebook you idiots!

The wages of sin are unreported.

Working...