Malicious Extensions Downloaded 30 Million Times Found In Chrome Web Store

Sometimes a human being is the absolute best first line of defense for cybersecurity mitigation. In fact, they often are. Google said it would add additional human checks on products that go into the official Google Chrome Store back in 2018. However, those pesky cyber criminals found a way to get people to download malware over 30 million times from the official Chrome Web Store. Most of the downloads were in the form of extensions that supposedly provided some additional service to the user, such as to warn against questionable websites.

Awake Security researchers warned Google about the products and said it did remove 70 of the malicious add-ons. However, too little too late for those who already added them onto their browsers.

Extensions and add-ons can be dangerous and should always be reviewed and researched before being downloaded. More often, the cyber scoundrels are using those to get all types of malware onto unsuspecting users’ machines. Where they used to be primarily used for annoying adware, they have evolved into ransomware or spyware to track users’ actions or steal information. Do a triple check before using these products. If there is any doubt about what it will do, skip it. If you really don’t need it, don’t take that risk.

It isn’t known who may be behind these malicious extensions, but the researchers at Awake said they provided fake information to Google to throw off any human intervention that may have been used anyway.

A Google spokesperson told Reuters, “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.”

Stickley on Security