December 22, 2023 at 09:55AM
Three Chrome extensions masquerading as VPNs were found to be malware, infecting users’ machines through pirated video game installers. ReasonLabs discovered the malicious extensions and reported their findings to Google, resulting in their removal from the Chrome Web Store. The extensions targeted Russian-speaking users, stealing data, manipulating web requests, and interfering with other browser extensions.
Based on the meeting notes, the key takeaways are as follows:
– Three malicious Chrome extensions, posing as VPN tools, were downloaded 1.5 million times, infecting users with browser hijackers, cashback hack tools, and data stealers.
– These extensions were distributed via installer hidden in pirated copies of popular video games, particularly targeting Russian-speaking users.
– Google removed the offending extensions from the Chrome Web Store after amassing a total of 1.5 million downloads.
– The malicious extensions had access to significant browser permissions, enabling them to steal sensitive user data, manipulate web requests, disable other extensions, and communicate with command and control servers.
– The report highlights the significant security issues around web browser extensions and recommends routine checks of installed extensions and new reviews in the Chrome Web Store to detect malicious behavior.
Please let me know if you need any further details or analysis based on these takeaways.