Check Chrome and Remove Any of These 70+ Malware Extensions

Another day, another batch of crappy Chrome extensions that you shouldn’t be using. Once again, Google spotted a number of attackers in its Chrome Web Store and gave them a download, but this does not automatically remove these malicious extensions from your browser, so you can do a quick cross-reference to any extensions that sound a little weird.

In other words, you will probably be good if all you use is 1Password and uBlock Origin . However, if you’ve installed something like, say, “Arcade Yum”, it’s time to check and (in this case) uninstall it.

The Cisco Duo Security team was responsible for detecting these malicious extensions, but their investigations were first initiated by the work of security researcher Jamila Kaya. She used the Cisco CRXcavator tool to find these crappy Chrome extensions, many of which mimic each other in terms of attack vectors and what they tried to do to users (and user systems). As Duo describes:

“In the case described here, the creators of Chrome extensions specifically created extensions that hide basic advertising functionality from users. This was done in order to connect browser clients to a governance and control architecture, extract private browsing data without the knowledge of users, expose the user to the risk of usage through ad streams, and try to bypass the fraud detection mechanisms in the Chrome Web Store. While this research and analysis of CRXcavator as a whole can help us understand a lot about the architecture and operation of such malicious extensions, the question of how extensions should be installed on any system is not something we can currently answer. “

According to Duo, about 1.7 million users have installed about 70 extensions that Kaia originally identified. From here, Google searched for and removed a total of about 500 related extensions that performed similar, sketchy actions. Although we do not have a list of them – at least! – you can at least check your Chrome browser for the following:

  • Froovr Promotional Offers
  • Ads from MapsVoyage
  • Promotional offers from QuizKicks
  • Announcements from ArcadeYum
  • MapsScout announcements
  • QuizDiamond advertisements
  • Ads from MapsFrontier
  • Ads from MapsPilot
  • Promotional offers from FreeWeatherApp
  • Promotional offers from MapsPilot
  • Promotional offers from MapsVoyage
  • Promotional offers from GameDaddio
  • ArcadeCookie Offers
  • ArcadeFrontier Ads
  • ads
  • ads
  • Coupon Rockstar Deals
  • CrushArcade Ads
  • Dear advertising quiz
  • DeluxeQuiz Advertising
  • EarthViewDirections Promotions
  • EasyToolOnline Promotions
  • EasyToolOnline Promotions
  • ExpressDirections Announcements
  • ExpressDirections Promotions
  • ExpressDirections Promotions
  • FreeWeatherApp Promotional Offers
  • FreeWeatherApp promotions
  • FreeWeatherApp promotions
  • GameDaddio Marketing
  • GamesChill Ads
  • GameZooks Advertising
  • GoFreeRadio Promotions
  • GreatArcadeHits Ads
  • JumboQuiz Advertising
  • Promotional offers LoveTestPro
  • MapsFrontier Promotional Offers
  • MapsFrontier announcements
  • MapsFrontier Advertising
  • MapsFrontier Promotional Offers
  • MapsFrontier promotions
  • MapsPilot Promotional Offers
  • Promotional offers MapsScout
  • MapsTrek Offers
  • MapsTrek Promotions
  • MapsTrek Promotions
  • MapsTrek Promotions
  • MapsVoyage Ads
  • MapsVoyage Advertising
  • MapsVoyage Promotions
  • Offers from MapsFrontier
  • Offers from MapsScout
  • PackageTrak Promotions
  • PackageTrak Promotions
  • PackageTrak Promotions
  • PackTrackPlus Promotions
  • PackTrackPlus Promotions
  • PackTrackPlus Promotions
  • PackTrackPlus Promotions
  • PlayPopGames advertising
  • PlayThunder offers
  • PlayZiz advertising
  • ProMediaConverter Promotions
  • QuickNewsPlus Promotions
  • Quiz advertising
  • QuizPremium Advertisements
  • RecipeAlly Promo
  • SuperSimpleTools Promotions
  • SuperSimpleTools Promotions
  • YoYoQuiz Advertising
  • YoYoQuiz Promotions

If you have any extensions similar to any of this list installed, remove them – they are malicious. Looking ahead, make sure you’re doing more than just using the Chrome Web Store reviews as a deciding factor in whether you should install an extension or not. Read online to see if others use the extension, have recommended it, or have something to say about it.

You can even add the extensions you plan to add to the Cisco CRXcavator tool if you want to quickly understand if it ‘s risky or not . However, this tool can be a little confusing for ordinary people, so common sense – including visiting an extension developer’s website, thinking about the permissions an extension needs, and trusting your intuition – will probably be your best defense. The extensions are great, but you probably don’t need to package your browser full of them .


Leave a Reply

Your email address will not be published. Required fields are marked *