Google Wipes Out 32 Malicious Chrome Extensions to Curb Spam & Ads

Google has announced a significant clean-up operation within its Chrome Web Store, deleting 32 extensions implicated in malicious activities. In a major clampdown on cyber threats, these errant extensions, with a staggering combined download count of 75 million, have been erased from the web store. These extensions had the potential to manipulate search results, inject spam, and promote unwarranted ads.

To maintain a veil of authenticity, the extensions appeared to incorporate valid functionalities. This ploy was intended to keep users oblivious to the malicious undertones. The cybersecurity expert Wladimir Palant unveiled that these extensions housed harmful code, cleverly masked as a legitimate API wrapper. Notably, the ‘PDF Toolbox‘ extension, boasting 2 million downloads, was among the culprits.

Upon close examination, Palant found that the code permitted the “serasearchtop[.]com” domain to inject arbitrary JavaScript code into any website visited by the user. The abuse potential of this code is broad, ranging from ad insertion into web pages to potential theft of sensitive data. Interestingly, the code was programmed to spring into action 24 hours post the installation of the extension, a characteristic usually associated with malevolent intentions.

In his subsequent investigative report, Palant noted that he had identified the same suspect code in another 18 Chrome extensions, summing up to a whopping 55 million downloads. Some infamous examples include ‘Autoskip for Youtube,’ ‘Soundboost,’ ‘Crystal Ad block,’ ‘Brisk VPN,’ ‘Clipboard Helper,’ and ‘Maxi Refresher.’ At the time of Palant’s second report, all of these extensions remained accessible in the Chrome Web Store.

As part of their cybersecurity vigil, Google has successfully obstructed the notorious CryptBot malware. This malware has been branded an ‘infostealer,’ given its design purpose to detect and rob sensitive information from the user’s computer. CryptBot is known to have breached data security of hundreds of thousands of Chrome browser users in the past year, pilfering authentication credentials, social media account logins, and even cryptocurrency wallets.

Avast, the cybersecurity firm, affirmed the malicious nature of these extensions and expanded the list to 32. Their investigation led to the conclusion that these seemingly harmless extensions were adware, capable of hijacking search results to display sponsored links and paid results, occasionally serving malicious links.

Following these alarming discoveries, a Google spokesperson confirmed that the “reported extensions have been removed from the Chrome Web Store.” Google ensures that all developers must comply with the Web Store’s stringent safety policies. Despite the precautions, users must take manual action to deactivate or uninstall these extensions from their browsers as their removal from the Web Store doesn’t trigger automatic deactivation.

Google’s actions reaffirm its commitment to safeguarding the privacy and security of its users against any violations. However, the scale of these malicious extensions, which potentially targeted millions of users worldwide, underscores the persistent threat of cyberattacks. As users, we must remain vigilant and proactive in protecting our digital landscape.