500K Users Hit by Compromised Google Chrome Extensions

If you own a smartphone or tablet, you’ve probably downloaded a few apps over the years. The apps that power our devices make them unique to our needs, meaning it’s possible that no two mobile devices are actually the same. You might not know that you can do something similar with your computer’s internet browser, too. By downloading “add-ons” or “extensions” from within the browser’s settings, you can customize your browsing experience. Much like many apps, outside companies develop the extensions for us to use, and unfortunately (much like apps), some of those extensions can contain flawed, harmful, or even malicious code.

Security researchers at ICEBRG just discovered four extensions for Google Chrome, the world’s most widely used browser, that contain just such harmful contents. The four extensions, HTTP Request Header, Nyoogle, Stickies, and Lite Bookmarks, have been downloaded by users around the world as many as 500,000 times.

On its own, HTTP Request Header isn’t all that malicious, but in combination with any of the others, it is. The researchers who uncovered this issue on one of their customer’s workstations have determined that the purpose of the code was to launch a “click fraud” campaign, although it was far more capable of causing harm than that. The same mode of attack could have been used to root around in the infected computer to glean information from websites the user visits.

A click fraud campaign “earns” money for the malicious developer by redirecting your internet use through sites that pay them for advertising. It’s a way to fudge the numbers and make advertisers think more people saw their product than actually did, while they make money for every person they brought there without their knowledge.

Chrome is considered one of the world’s most secure web browsers, largely due to the fact that the company is often on top of these security issues. Also, the browser is well-known for its “sandboxing” capabilities, meaning security threats can’t get into the “sandbox” surrounding your internet activity and take hold. That doesn’t apply to extensions, though, and this marks the third massive Chrome extension threat in about six months.

Google has already removed these extensions from its third-party catalog, but it should serve as a warning to users to be very wary of the apps, add-ons, and extensions they download and install, especially if they were created by third parties.