Tuesday, December 1, 2020

How malicious Chrome extensions are spying on businesses

The Chrome Web Store’s defenses are not complete, and malware developers exploit the gaps for malicious purposes. The threat of malicious extensions is growing and will become a significant threat to companies and organizations around the world.

Let’s explore how one bad Chrome extension can cause big problems for a business.

Is Chrome Web Store virus-free?

The Chrome Web Store is one of the safest places to install extensions on Google Chrome, but it’s by no means impenetrable.

Google does its best to prevent malware from infecting users. For example, it only allows extensions to be installed either from the Chrome Web Store or under strict conditions. It then monitors the Chrome Web Store for suspicious activity.

However, Google is unable to detect every bad extension, and some of them creep through. As such, nothing in the Chrome Web Store is 100% secure, but it is much safer than downloading random files from the Internet.

How one Chrome extension can compromise your business

Currently, most Chrome extension malware targets only one computer. It can install a keylogger or monitor your browser usage, but all effects will be localized to the computer you are using.

However, a new trend in Chrome extension malware is trying to change that. Instead of just delivering a payload, these newer extensions establish a foothold on the victim’s computer.

The hacker can then extend this foothold into the organization’s network. If they get past the network’s security measures, they can spy on other computers and file systems on the network.

As such, this is a development in rogue Chrome extensions that the cybersecurity world has not seen before. Now one person on a wider network can compromise everyone else simply by downloading a bad extension.

Real-world examples of Chrome extension malware

While this may seem daunting, it doesn’t mean much unless it can happen in the real world. So what evidence do we have that this attack vector is feasible?

Evidence of this development comes from ThreatPost, which keeps tabs on Internet security threats. In their report, they discuss how they found 106 malicious extensions and told Google to remove them.

Removing malicious Chrome extensions is nothing new; what was concerning was how this malware operated. It not only stole data from the victim’s computer, but also created a backdoor through which the hacker could access the victim’s network.

How does the malware work?

Google’s security check is the biggest barrier to extension malware. If Google detects a new strain, it can stop it; however, if the malware gets through, it has great potential to spread far and wide. Users trust extensions from the Chrome Web Store, so a malware developer can count on a high download rate if they succeed.

This particular malware strain directs victims to a website to download an infected file. However, if the extension linked directly to that website, Google would sniff it out without any problems.

The malware developers avoided this by making a “morphing webpage”. Once a computer connects to the website, the website checks where the visitor came from.

If the visitor didn’t come from a business or consumer ISP, it was most likely a non-human system visiting to check whether the site was safe, like Google’s, for example. The site, in turn, would display an innocent landing page that tricks the virus scanner into thinking that the website is safe.

However, if the visitor came from a business or consumer ISP, the visitor was taken to be a human being. The website responded by directing the user to the “right” website that displays the malicious link.

As such, when the developers submitted the malware to the Chrome Web Store, its virus scanner saw the fake landing page and marked the extension as safe. Then, when users downloaded it, they saw the real website with the malware payload.

How far did the malware spread?

Unfortunately, this method was so effective at circumventing detection that 106 Chrome extensions crept past virus scanners. Together, the extensions had 32 million downloads – a worrying display of how far these payloads were spreading.

The malware disguised itself as extensions that detect malicious websites or convert file types. Both are highly sought-after kinds of extension that people download without a second thought, making them the perfect cover for a payload.

As such, the malware ended up establishing a foothold in 100 different companies and organizations. These included financial, healthcare and even government organizations, which means that the hackers had a foothold in many sectors.

Because the codebase of each extension was very similar, the researchers thought one group had submitted all the extensions. They believed that the malware was part of a global surveillance effort to gain a foothold in companies around the world.

Did you download the malware?

If you suspect that you’ve recently downloaded an infected extension, there’s a way to check. First, open the extensions page by typing chrome://extensions/ in the address bar. Find the extension you suspect is malicious and note the ID below it.

Showing the location of extension IDs in Chrome

Then compare the ID to the ID list of malicious Chrome extensions. Since extension IDs are long strings of letters, it’s best to press CTRL + F and paste the suspect’s ID into the box. Your browser will then search the list and tell you if it finds a match.
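
The ID comparison described above can be run over every installed extension at once instead of one CTRL + F search per ID. The script below is an added example, not part of the original article; it assumes Chrome's on-disk layout of one folder per extension ID inside the profile's Extensions directory, and the sample IDs, names and list are constructed for the demonstration.

```python
import json
import re
import tempfile
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from the letters a-p.
ID_RE = re.compile(r"\b[a-p]{32}\b")

def parse_id_list(text):
    """Extract every extension ID from a pasted list; other text is ignored."""
    return set(ID_RE.findall(text.lower()))

def installed_extensions(extensions_dir):
    """Map extension ID -> name for each <ID>/<version>/manifest.json on disk."""
    found = {}
    for ext in sorted(Path(extensions_dir).iterdir()):
        if not (ext.is_dir() and ID_RE.fullmatch(ext.name)):
            continue  # not an extension folder
        name = "(no manifest)"
        for manifest in sorted(ext.glob("*/manifest.json")):
            try:
                # Localized extensions store a "__MSG_...__" placeholder here.
                name = json.loads(manifest.read_text(encoding="utf-8-sig")).get("name", name)
            except (OSError, ValueError, AttributeError):
                name = "(unreadable manifest)"
        found[ext.name] = name
    return found

def flag_malicious(extensions_dir, id_list_text):
    """Return {id: name} for installed extensions whose ID is on the list."""
    bad = parse_id_list(id_list_text)
    return {i: n for i, n in installed_extensions(extensions_dir).items() if i in bad}

def build_sample_profile(root):
    """Constructed sample data: two fake extensions with invented IDs."""
    for ext_id, name in (("a" * 32, "File Converter"), ("b" * 32, "Notes")):
        version_dir = Path(root) / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps({"name": name, "version": "1.0"}))
    return Path(root)

# Constructed stand-in for a published list of malicious extension IDs.
SAMPLE_LIST = "Constructed list\n" + "a" * 32 + "\n" + "c" * 32 + "\n"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(flag_malicious(build_sample_profile(tmp), SAMPLE_LIST))
```

To check a real machine, pass the profile's Extensions directory (on Linux, typically ~/.config/google-chrome/Default/Extensions) and the text of the published ID list to flag_malicious.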

How to protect yourself against these attacks

This attack is an early warning sign for the future of extension malware. Because office tools from Google Docs to Zoom allow us to work in our browsers, we’re more likely to look for extensions that help us work. As such, malware developers will move into extensions and create malware that claims to help in these areas.

Usually, looking at the number of downloads would be a dead giveaway. Extensions with few downloads and suspicious 5-star reviews would point to a malware extension. However, as we saw above, download numbers are no longer reliable; after all, 32 million people downloaded this malware!

However, you can stick to installing only extensions that people trust or that have existed for a long time. Once an extension has been around for years and gets a lot of recommendations and positive reviews, you can be sure it has no harmful purpose.

For example, all of our recommended Chrome extensions that enhance your browsing experience are genuine, with no malware to worry about.

Keep your Chrome extensions clean

It’s easy to assume that all Chrome Web Store extensions are secure, but the truth is otherwise. If you need an extension, try sticking with trusted old favorites; this way you ensure that there is no hidden malware inside.

If you want to make sure all your extensions behave, remember to remove these shady Chrome extensions.

