Google has axed a slew of Chrome browser extensions that were part of a malicious advertising network. The malicious extensions were uncovered by an independent security researcher, Jamila Kaya, together with Cisco’s Duo Security team. Most of the removed extensions offered advertising as a service.
While digging through the different browser extensions, the team discovered a network of 71 extensions that worked similarly, with over 1.7 million installations.
The extensions were allegedly infecting users’ browsers and extracting personal data to be used in a malicious advertising campaign, a.k.a. malvertising.
After the researchers notified Google, the company inspected the entire Chrome Web Store and uncovered more than 500 extensions with related activity.
Malvertising has become common, despite being a prominent technique for years, said the team in a statement. Malicious extensions are now playing it safe by leveraging legitimate activities to obscure their dark intentions.
“A very popular way to do this is to utilize advertising cookies and the redirects therein to control callbacks and evade detection,” noted the team in the report. This technique is one of the common infection vectors these days.
“Malvertising often occurs within other programs, acting as a vehicle for multiple forms of fraudulent activity, including ad-fraud, data exfiltration, phishing, and monitoring and exploitation.”
The technique will continue to flourish, according to Duo, as long as tracking-based advertising stays in place. Another contributing factor is the lack of proper scrutiny of extensions before they are listed on the Web Store.
Auditing your browser extensions is recommended. Remove those that you don’t need and report any unfamiliar extensions.