At least 300,000 Google Chrome, Microsoft Edge users hit by malicious browser extensions
Users trying to download popular software like YouTube have been tricked into installing malicious extensions.
SINGAPORE - Users of Google Chrome and Microsoft Edge are falling prey to an ongoing malware campaign that forcibly installs web extensions capable of stealing browsing history and controlling infected devices.
In an Aug 16 alert, the Cyber Security Agency of Singapore (CSA) said users who use Google Search to download popular software like YouTube and password manager KeePass have been tricked into installing the extensions from lookalike download websites.
Roblox FPS Unlocker, which tinkers with popular game-building platform Roblox, and VLC media player were also among baits used by fraudulent sites.
At least 300,000 users of Google Chrome and Microsoft Edge have been affected, said cyber-security firm ReasonLabs, which raised the alarm about the malware on Aug 6.
These malicious extensions are not only difficult to remove, but can also evade most antivirus software.
Once installed, these extensions persistently return despite attempts to delete them, noted ReasonLabs’ researchers.
Through the extensions, attackers can change users’ homepages, hijack search queries and redirect users to malicious websites.
They can also steal sensitive information like login credentials, monitor a device’s online activity and remotely execute malicious code.
They also hinder Google Chrome’s built-in security features from updating automatically and allow the malware to remain undetected.
CSA called on Google Chrome and Microsoft Edge browser users to check whether they have fallen victim to the malware campaign by looking for indicators of compromise that ReasonLabs flagged.
Indicators include downloaded installers digitally signed by “Tommy Tech LTD” and blacklisted extensions like Simple New Tab on Microsoft Edge. The full list can be viewed here.
CSA advised those who discover any of these indicators to remove the malware and the persistence mechanisms associated with it by deleting the malicious scheduled tasks, registry keys and the malware itself from their devices.
In its report, ReasonLabs said the firm has alerted Google and Microsoft to the malware campaign, adding that the tech giants are taking measures to deal with the issue.
In response to queries on whether such cases have been detected in Singapore, CSA on Aug 17 said it has not received any local reports.
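The extension-name check described above can be scripted. The following is an added example, not code from CSA, ReasonLabs or this article: it walks a browser profile's Extensions folder and reports any installed extension whose display name matches the one name the article gives (Simple New Tab). It assumes the Chromium on-disk layout `<Extensions>/<extension id>/<version>/manifest.json`, and the sample IDs, versions and benign extension are constructed.

```python
import json
import tempfile
from pathlib import Path

# Only the extension name printed in the article; not the full ReasonLabs list.
FLAGGED_NAMES = {"simple new tab"}

def load_json(path):
    """Parse a JSON file, returning {} if it is unreadable or not an object."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def display_name(version_dir, manifest):
    """Resolve a "__MSG_key__" name through _locales/<default_locale>/messages.json."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()  # message keys are case-insensitive
    locale = str(manifest.get("default_locale", "en"))
    messages = load_json(version_dir / "_locales" / locale / "messages.json")
    for k, v in messages.items():
        if k.lower() == key and isinstance(v, dict):
            return str(v.get("message", name))
    return name

def scan_extensions(extensions_dir):
    """Return (extension_id, version, name) for each extension with a flagged name."""
    hits = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        name = display_name(path.parent, load_json(path))
        if name.strip().lower() in FLAGGED_NAMES:
            hits.append((path.parts[-3], path.parts[-2], name))
    return hits

def build_sample(root):
    """Write two constructed extensions (IDs and versions are made up) under root."""
    flagged = Path(root) / ("a" * 32) / "1.0_0"
    benign = Path(root) / ("b" * 32) / "2.3_0"
    (flagged / "_locales" / "en").mkdir(parents=True)
    benign.mkdir(parents=True)
    (flagged / "manifest.json").write_text(json.dumps({"name": "__MSG_extName__", "default_locale": "en"}))
    (flagged / "_locales" / "en" / "messages.json").write_text(json.dumps({"extname": {"message": "Simple New Tab"}}))
    (benign / "manifest.json").write_text(json.dumps({"name": "Constructed Benign Extension"}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_extensions(tmp))
```

To check a real profile, pass its Extensions folder to `scan_extensions`. A name match is a triage lead only, since unrelated extensions can share a name, and should be confirmed against the full indicator list.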

