Extensions have long since been the weak link in the Chrome browser’s armor – it’s only real security vulnerability. ![]() ![]() The craziest part is that most of these extensions can still be downloaded and since Avast made Google aware of the issue, only a few of them have been removed from the Web Store, though it’s said that they are currently investigating each. “It could also be that the author sold the original extensions to someone else after creating them and then his client introduced the malware afterwards.” Avast BlogĪpparently, Avast’s Threat Intelligence team started monitoring this threat back in November, but they believe it could have been active for years as reflected in some of the extensions’ reviews. “Our hypothesis is that either the extensions were deliberately created with the malware built in, or the author waited for the extensions to become popular and then pushed an update containing the malware,” Avast researcher Jan Rubin says. ![]() Avast researchers said they believe the extension developers ran the campaign to hijack user traffic for monetary gains stating that “For every redirection to a third-party domain, the cybercriminals would receive a payment.”
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |