What You Need to Know About the Latest Malware Campaign Involving Chrome Extensions

Cybersecurity firm Awake Security recently uncovered a massive covert surveillance network. This is serious enough that you should triple-check whether you are using any shady extensions in your Chrome browser.

Awake Security found that over 60 percent of GalComm-owned web domains contain malware and spyware, used by at least 111 Chrome extensions that have been downloaded over 32 million times, and that’s just counting those that were listed in the Chrome Web Store. Through these browser extensions, GalComm gained access to millions of personal and corporate networks to collect massive amounts of data, and used sophisticated workarounds to evade detection despite the large scale of the operation.

A complete list of all 111 malicious extensions can be found here. The list is a bit messy and contains a lot of duplicates (all with different extension IDs), so it took us a while to clean it up. Here are the extensions to look for in your Chrome installation (available by going to Window > Extensions); uninstall them immediately if you find any:

  • browse safer
  • browse protection
  • security check while browsing
  • bytefence-safe browsing
  • convertwordtopdf
  • doctopdf
  • easyconvert
  • easyconvertdefault-search
  • gofiletopdf
  • mydocstopdf
  • pdf2doc
  • PDF Ninja Converter
  • pdf opener
  • quick entry
  • fast Mail
  • search by conversion
  • search by conversionpdfpro
  • search manager
  • protected-search-extension
  • safe web search
  • Securify-for-Chrome
  • thedocpdfconverter
  • easy way
  • these ccuredweb-protected-b
  • ttab
  • viewpdf

The extensions that made it to the Google store have been removed and many of them should already be deactivated, but you will need to delete anything you downloaded from outside of Google sources.

How to protect your browser (and your data) from fake add-ons

This is one of the largest malware campaigns detected in recent times. Using malicious browser extensions to spy on people is not new, but it is becoming more common. The fact that so many extensions were involved, and that most of them were available in the Google Chrome Store, is alarming, but there are ways to keep yourself safe.

Stick to known sources

The safest practice you can use when browsing the Chrome Web Store is to stick with well-known extensions made by verified publishers. Yes, it may keep you from downloading a super-cool-sounding extension that does exactly what you were looking for, but it also keeps your data much more secure.

Obviously, how much security you are willing to trade for convenience is your call, and we also recommend lesser-known extensions from time to time. But it’s one thing to trust a decent-sounding individual developer with a good track record, and another to download the first extension you see because it sounds interesting, without paying attention to any other details about who created it (and what they want from you).

The Chrome extension store has a By Google search filter that is useful for limiting yourself to Google’s own extensions, and Mozilla has a list of recommended Firefox add-ons that you can always trust if you don’t want to risk it.

If you do take the risk, it’s still best to limit your installations to extensions hosted in your browser’s official store. Companies like Google are doing their best to check the add-ons they allow on their digital marketplaces, but the Awake report shows that it’s easy for questionable developers to bypass privacy policies and security features.

However, an extension is more likely to be legitimate if it is in your browser’s official add-on store than if you download it from some random web page or pop-up ad. Just make sure you are downloading what you think you are downloading: check that the name, description, and details of the extension match, and see whether the reviews sound credible. If in doubt, don’t install it, or look for a better-known alternative.

Check Permissions

As with phone apps, you should be skeptical of any extensions that ask for permissions that go beyond their advertised use. Similarly, extensions that perform redundant or unnecessary tasks should be avoided at all costs.

Nearly every extension cited in the Awake Security report requested at least one sketchy or overly broad permission. For example, many wanted to “take screenshots, read the clipboard, collect credential tokens stored in cookies or parameters, capture user keystrokes (e.g. passwords).”

When you first add an extension to your browser, a toast notification appears listing its capabilities. If you are not happy with what it asks for, click Cancel to stop the installation. And if you ever suspect that an extension you are using is malicious, please report it immediately.
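For extensions that are already installed, the same check can be run against each extension's manifest.json. The script below is an added example, not code from the original article or from Awake Security: the permission shortlist, the sample manifest and the function names are constructed for illustration, and the directory layout (extension ID, then version, then manifest.json) is the one Chrome uses inside a profile's Extensions folder.

```python
import json
from pathlib import Path

# Shortlist chosen for this example: Chrome permissions behind the quoted capabilities.
RISKY_API = {
    "clipboardRead": "read the clipboard",
    "cookies": "read cookies, including session tokens",
    "tabCapture": "capture tab contents",
    "desktopCapture": "capture the screen",
    "webRequest": "observe network requests",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Constructed sample: a "PDF converter" asking for far more than it needs.
SAMPLE = {
    "name": "example-pdf-converter", "manifest_version": 2,
    "permissions": ["cookies", "clipboardRead", "<all_urls>", "storage"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}],
}

def audit_manifest(manifest):
    """Return sorted findings for one parsed manifest.json (V2 or V3)."""
    findings = set()
    declared = []
    for key in ("permissions", "optional_permissions", "host_permissions"):
        # Some entries are objects rather than strings; only strings are checked.
        declared += [p for p in manifest.get(key, []) if isinstance(p, str)]
    for perm in declared:
        if perm in RISKY_API:
            findings.add(f"{perm}: {RISKY_API[perm]}")
        elif perm in BROAD_HOSTS:
            findings.add(f"{perm}: access to every site")
    for script in manifest.get("content_scripts", []):
        if BROAD_HOSTS & set(script.get("matches", [])):
            findings.add("content script on every page: can read typed input")
    return sorted(findings)

def scan_extensions(ext_dir):
    """Audit every <ext_dir>/<extension id>/<version>/manifest.json."""
    report = {}
    for path in Path(ext_dir).glob("*/*/manifest.json"):
        try:  # utf-8-sig tolerates a leading byte-order mark
            findings = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        except ValueError:
            findings = ["manifest could not be parsed"]
        if findings:
            report[path.parent.parent.name] = findings
    return report

if __name__ == "__main__":
    print("\n".join(audit_manifest(SAMPLE)))
```

Point `scan_extensions` at the Extensions folder inside your Chrome profile directory. A finding is a prompt to compare the permission with what the extension claims to do, not proof that it is malicious.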

Look for a privacy policy

If an extension can access sensitive information, and that access is necessary for the extension’s intended use, make sure the publisher’s privacy policy clearly states how that information is accessed, stored and protected. The privacy policy must be given in the extension’s store description or be available on the official website of the publishing company. If something is not clear or you cannot find this information, do not install the extension.

And if you find a privacy policy, should you trust it? Well, it’s not hard for a dubious developer to say that they respect your privacy when they really don’t, but the policy, or a flagrant lack of one, is just another data point that you can use to gauge the reliability of an extension.

Try open source options

While our general recommendation is to stick to well-known, tried-and-true extensions, this does not mean that small third-party add-ons or unofficial download locations are inherently dangerous. However, they should be approached with the utmost care. Many completely secure extensions are available from independent developers on the XDA forums or GitHub.

While the presence of an extension on these platforms cannot guarantee that it is secure, these open source projects often have transparent code and privacy policies that make them easier to verify. And if you have no idea what you’re looking for, do your research: read the forums. Check out Twitter. Go to Reddit. Before installing, check whether anyone has raised red flags about the extension you want to install.
