At least 300,000 Google Chrome, Microsoft Edge users hit by malicious browser extensions
- by autobot
- Aug. 16, 2024
SINGAPORE - Users of Google Chrome and Microsoft Edge are falling prey to an ongoing malware campaign that forcibly installs web extensions capable of stealing browsing history and controlling infected devices.

In an Aug 16 alert, the Cyber Security Agency of Singapore (CSA) said users who turned to Google Search to download popular software like YouTube and password manager KeePass have been tricked into installing the extensions from lookalike download websites. Roblox FPS Unlocker, which tinkers with popular game building platform Roblox, and media player VLC were also among the baits used by fraudulent sites.

At least 300,000 users of Google Chrome and Microsoft Edge have been affected, said cybersecurity firm ReasonLabs, which raised the alarm about the malware on Aug 6.

Not only are these malicious extensions difficult to remove, they can also evade most antivirus software. Once installed, the extensions persistently return despite attempts to delete them, noted ReasonLabs' researchers.

Through the extensions, attackers can change users' homepages, hijack search queries and redirect them to malicious websites. They can also steal sensitive information like login credentials, monitor a device's online activity and remotely execute malicious code. The extensions also hinder Google Chrome's built-in security features from updating automatically and allow the malware to remain undetected.

CSA called on Google Chrome and Microsoft Edge users to check whether they have fallen victim to the malware campaign by looking for indicators of compromise that ReasonLabs flagged. Indicators include downloaded installers being digitally signed by "Tommy Tech LTD" and blacklisted extensions like Simple New Tab on Microsoft Edge. The full list can be

CSA advised those who discover any of these indicators to remove the malware and the persistence mechanisms associated with it by deleting the malicious scheduled tasks, registry keys, and the malware itself from their device.
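One way to check a Windows machine for the two indicators named above, as an added PowerShell example that is not part of the article or of the CSA or ReasonLabs advisories. Only the signer name and the extension name come from the article; the Downloads folder as the scan root, the default Edge profile path and the function names are assumptions.

```powershell
# Added example. Indicator strings below are the two quoted in the article.
$SignerName    = 'Tommy Tech LTD'
$ExtensionName = 'Simple New Tab'
# Assumed locations: the user's Downloads folder and Edge's default profile root.
$ScanRoot      = Join-Path $env:USERPROFILE 'Downloads'
$EdgeUserData  = Join-Path $env:LOCALAPPDATA 'Microsoft\Edge\User Data'

# Hypothetical helper: list installers whose Authenticode signer matches $Signer.
function Find-SignedBy {
    param([string]$Root, [string]$Signer)
    Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.msi' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            # Unsigned files carry no SignerCertificate and are skipped.
            if ($sig.SignerCertificate -and
                $sig.SignerCertificate.Subject -like "*$Signer*") {
                [pscustomobject]@{
                    Path    = $_.FullName
                    Subject = $sig.SignerCertificate.Subject
                    Status  = $sig.Status   # a Valid status does not mean the file is benign
                }
            }
        }
}

# Hypothetical helper: list Edge extensions whose manifest name matches $Name.
# Layout: <User Data>\<profile>\Extensions\<extension id>\<version>\manifest.json
function Find-EdgeExtension {
    param([string]$UserData, [string]$Name)
    $pattern = Join-Path $UserData '*\Extensions\*\*\manifest.json'
    Get-ChildItem -Path $pattern -ErrorAction SilentlyContinue | ForEach-Object {
        try   { $m = Get-Content -LiteralPath $_.FullName -Raw -ErrorAction Stop | ConvertFrom-Json }
        catch { return }   # unreadable or malformed manifest: skip this one
        # Manifests that use a localized "__MSG_...__" placeholder as the name will not match.
        if ($m.name -like "*$Name*") {
            [pscustomobject]@{
                Name        = $m.name
                ExtensionId = $_.Directory.Parent.Name
                Manifest    = $_.FullName
            }
        }
    }
}

Find-SignedBy      -Root $ScanRoot -Signer $SignerName    | Format-List
Find-EdgeExtension -UserData $EdgeUserData -Name $ExtensionName | Format-List
```

An empty result covers only these two indicators in the assumed locations; a name match is a lead to verify, not proof of infection.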
In its report, ReasonLabs said the firm has alerted Google and Microsoft to the malware campaign, adding that the tech giants are taking measures to deal with the issue. The Straits Times has contacted CSA on whether such cases have been detected in Singapore.