Google purges 500 harmful Chrome extensions from its Web Store

The extensions injected aggressive, infectious advertisements into millions of users’ browsers

Google has deactivated at least 500 malware-ridden Chrome extensions from its Web Store following the findings of an independent security investigation. 

The removed extensions employed aggressive ‘malvertisements’ by steering users to destination links susceptible to malware downloads and phishing attacks. 

Concern originally rose after independent security researcher Jamila Kaya flagged the activity as suspicious, recognising a common URL across a number of malicious ad redirects, all of which stemmed from a variety of Chrome extensions.

"Individually, I identified more than a dozen extensions that shared a pattern," Kaya told ZDNet

Kaya contacted researchers at Cisco’s Duo Security, and together they used Duo’s security extension ‘CRXcavator’ to identify the Chrome add-ons as dubious, belonging to “a network of copycat plugins sharing nearly identical functionality” as described by Duo’s report on the issue. 

Google’s “receptive and responsive” reaction saw the company swiftly remove more than 500 associated extensions from Chrome’s Web Store, which according to Duo, had garnered an install count totaling more than 1.7 million Chrome users.

“We appreciate the work of the research community, and when we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” said a Google spokesperson in response to Duo’s report. 

Although the ad redirects were described to be particularly hostile and noticeable, this strategy of forceful redirection seems to have become typical of digital advertisers. Thus, it is especially difficult for users to gauge whether or not an ad redirect will jeopardise their personal security. 

Duo researchers speculate the group behind the network to have been operating since the early half of the 2010s. The extensions are suspected to have belonged to a larger malware network operation active for at least two years.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
How to speed up Microsoft's Windows 11
Microsoft Windows

How to speed up Microsoft's Windows 11

9 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021