MALWARE ALERT: Remove These Dodgy Chrome Extensions ASAP

Google has identified a number of bad actors in its Chrome Web Store and given them the boot — but that doesn’t automatically remove these malware extensions from your browser. Here’s what you need to know.

If you’re a prolific user of Chrome extensions and widgets, you might want to do a quick cross-reference of any that sound a little odd. You’re probably good if all you use is 1Password and uBlock Origin. However, if you’ve installed something like, say, “Arcade Yum,” it’s time to check and (in this case) remove it.

Cisco’s Duo Security team was responsible for digging up these malicious extensions, but their investigations were first prompted by the work of security researcher Jamila Kaya. She used Cisco’s CRXcavator tool to find these crappy Chrome extensions, with many of them mimicking each other in terms of attack vectors and what they were trying to do to users (and users’ systems). As Duo describes:

“In the case reported here, the Chrome extension creators had specifically made extensions that obfuscated the underlying advertising functionality from users. This was done in order to connect the browser clients to a command and control architecture, exfiltrate private browsing data without the users’ knowledge, expose the user to risk of exploit through advertising streams, and attempt to evade the Chrome Web Store’s fraud detection mechanisms. While this research and CRXcavator’s analysis in general can help us understand a lot about the architecture and operation of such malicious extensions, the question of how the extensions got to be installed on any system is not one we have the data to answer at this time.”

According to Duo, around 1.7 million users had installed the 70 or so extensions that Kaya initially identified. From there, Google searched for and removed a total of 500 or so related extensions that performed similar, sketchy activities. While we don’t have a list of those—if only!—you can at least check your Chrome browser for the following.

Delete these Chrome extensions

  • Ad offers by Froovr

  • Ads by MapsVoyage

  • Advertisement Offers by QuizKicks

  • Advertisements by ArcadeYum

  • Advertisements by MapsScout

  • Advertisements by QuizDiamond

  • Advertising by MapsFrontier

  • Advertising by MapsPilot

  • Advertising Offers by FreeWeatherApp

  • Advertising Offers by MapsPilot

  • Advertising Offers by MapsVoyage

  • Advertisment Offers by GameDaddio

  • ArcadeCookie Offers

  • ArcadeFrontier Ads

  • ClassifiedsNearMe Promos

  • ClassifiedsNearMe Promos

  • CouponRockstar Offers

  • CrushArcade Ads

  • DearQuiz Advertising

  • DeluxeQuiz Advertising

  • EarthViewDirections Promotions

  • EasyToolOnline Promos

  • EasyToolOnline Promos

  • ExpressDirections Ads

  • ExpressDirections Promos

  • ExpressDirections Promos

  • FreeWeatherApp Advertisement Offers

  • FreeWeatherApp Promos

  • FreeWeatherApp Promotions

  • GameDaddio Marketing

  • GamesChill Ads

  • GameZooks Advertisements

  • GoFreeRadio Promos

  • GreatArcadeHits Ads

  • JumboQuiz Advertising

  • LoveTestPro Ad Offers

  • MapsFrontier Advertisement Offers

  • MapsFrontier Advertisements

  • MapsFrontier Advertising

  • MapsFrontier Advertising Offers

  • MapsFrontier Promos

  • MapsPilot Ad Offers

  • MapsScout Advertising Offers

  • MapsTrek Offers

  • MapsTrek Promos

  • MapsTrek Promos

  • MapsTrek Promotions

  • MapsVoyage Ads

  • MapsVoyage Advertising

  • MapsVoyage Promotions

  • Offers by MapsFrontier

  • Offers by MapsScout

  • PackageTrak Promos

  • PackageTrak Promos

  • PackageTrak Promos

  • PackTrackPlus Promos

  • PackTrackPlus Promotions

  • PackTrackPlus Promotions

  • PackTrackPlus Promotions

  • PlayPopGames Ads

  • PlayThunder Offers

  • PlayZiz Advertisements

  • ProMediaConverter Promotions

  • QuickNewsPlus Promos

  • QuizFlavor Advertising

  • QuizPremium Advertisements

  • RecipeAlly Promos

  • SuperSimpleTools Promos

  • SuperSimpleTools Promos

  • YoYoQuiz Advertisements

  • YoYoQuiz Promotions

If you have any extensions installed that sound like any on this list, remove them—they’re malware. Going forward, make sure you’re doing more than just using reviews on the Chrome Web Store as the deciding factor for whether you should install an extension or not. Read around the web to see if others are using the extension, have recommended it, or have anything to say about it.

You can even throw extensions you’re considering into Cisco’s CRXcavator tool, if you want to get a quick sense of whether they’re risky or not. The tool might be a bit confusing for regular people, though, so common sense—including visiting an extension developer’s website, thinking about the permissions an extension wants, and trusting your gut—is probably going to be your best defence. Extensions are great, but you probably don’t need to pack your browser full of them.
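To check a machine against the list above without reading through it by hand, here is an added example (not from the original article or from Duo) that scans a Chrome profile folder and flags installed extensions whose names resemble the listed ones. It assumes Chrome's usual on-disk layout of `Extensions/<id>/<version>/manifest.json`, and the brand-plus-ad-word matching rule is this example's own heuristic.

```python
import json, re, sys
from pathlib import Path

# Brands copied from the list on this page; each listed name pairs one with an ad word.
BRANDS = """Froovr MapsVoyage QuizKicks ArcadeYum MapsScout QuizDiamond
MapsFrontier MapsPilot FreeWeatherApp GameDaddio ArcadeCookie ArcadeFrontier
ClassifiedsNearMe CouponRockstar CrushArcade DearQuiz DeluxeQuiz
EarthViewDirections EasyToolOnline ExpressDirections GamesChill GameZooks
GoFreeRadio GreatArcadeHits JumboQuiz LoveTestPro MapsTrek PackageTrak
PackTrackPlus PlayPopGames PlayThunder PlayZiz ProMediaConverter QuickNewsPlus
QuizFlavor QuizPremium RecipeAlly SuperSimpleTools YoYoQuiz""".lower().split()
AD_WORD = re.compile(r"\b(ads?|advertis\w*|offers?|promo\w*|marketing)\b", re.I)

def listed_brand(name):
    """Return the listed brand that `name` resembles, else None."""
    squashed = re.sub(r"[^a-z0-9]", "", name.lower())
    hit = next((b for b in BRANDS if b in squashed), None)
    return hit if AD_WORD.search(name) else None

def display_name(ext_dir):
    """Manifest name, resolving a localized __MSG_key__ placeholder if used."""
    manifest = json.loads((ext_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = str(manifest.get("name", ""))
    m = re.fullmatch(r"__MSG_(\w+)__", name)
    if m:
        locale_dir = ext_dir / "_locales" / manifest.get("default_locale", "en")
        msgs = json.loads((locale_dir / "messages.json").read_text(encoding="utf-8-sig"))
        for key, val in msgs.items():
            if key.lower() == m.group(1).lower():  # message keys are case-insensitive
                return str(val.get("message", name))
    return name

def scan_profile(profile):
    """List (extension_id, name, brand) for installed extensions that match."""
    hits = []
    for manifest in sorted(Path(profile).glob("Extensions/*/*/manifest.json")):
        try:
            name = display_name(manifest.parent)
        except (OSError, ValueError, AttributeError, TypeError):
            continue  # unreadable or malformed manifest: skipped
        brand = listed_brand(name)
        if brand:
            hits.append((manifest.parent.parent.name, name, brand))
    return hits

if __name__ == "__main__":
    # Pass the profile directory, e.g. ~/.config/google-chrome/Default on Linux.
    for ext_id, name, brand in scan_profile(Path(sys.argv[1]).expanduser()):
        print(f"{ext_id}  {name!r}  (matches {brand})")
```

Any hit is a prompt to open chrome://extensions and remove that entry; an empty result only means nothing matched the names on this page, not the 500 or so related extensions Google removed.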
