image
Researchers say that 500 Google Chrome browser extensions were discovered secretly uploading private browsing data to attacker-controlled servers, and redirecting victims to malware-laced websites. The browser extensions, all of which have now been removed, were downloaded millions of times from Google’s Chrome Web Store. Browser extensions are used for customizing web browsers, modifying user interfaces, blocking ads and managing cookies. But researchers said that the malicious extensions they discovered are instead part of a massive malvertising campaign that also harvested browser data. Malvertising often is used as a vehicle for fraudulent activity, including data exfiltration, phishing or ad fraud. In this particular instance, bad actors were redirecting victims from legitimate online ad streams to malware-laced pages. “These extensions were commonly presented as offering advertising as a service,” according to Jamila Kaya, an independent security researcher, and Jacob Rickerd, with Duo Security, in a Thursday analysis. “[Security researcher Jamila Kaya] discovered they were part of a network of copycat plugins sharing nearly identical functionality. Through collaboration, we were able to take the few dozen extensions and… identify 70 matching their patterns across 1.7 million users and escalate concerns to Google.” Researchers believe that the actor behind this campaign was active since January 2019, with activity escalating between March and June. After researchers…

Source