Do you use any of the following Chrome browser extensions?
- Change HTTP Request Header
- Nyoogle – (a custom logo for Google)
- Stickies – (a Post-It note for Chrome)
- Lite Bookmarks
If so, you’re not alone. These four extensions have a combined user base of more than half a million.
Recently, security researchers from ICEBRG (a US cyber-security company) discovered malicious code embedded in copies of these extensions on the official Chrome Web Store. The code allows hackers to manipulate users' browsers via JavaScript.
So far, the hackers have contented themselves with relatively tame activities like loading and displaying ads, clicking on ads, and loading malicious web pages in the background. However, the potential exists to do much more than this.
Since ICEBRG informed Google, the company has removed three of the four plugins from the Web Store. As of this moment, only Nyoogle remains, though the expectation is that it will be removed in short order as well.
While all four extensions utilize the same basic techniques, and do many of the same things, it is not clear if all four were created by the same group, although this seems likely.
Since the extensions have now been (mostly) removed, the rate of infection will slow. Of course, if you’ve already downloaded and installed one of these four, then you are going to continue to be impacted.
The extensions are easy to uninstall, and if you’re using one of them, that is the recommended course of action.
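To check whether one of the four is installed, the following added example (not from ICEBRG or Google) scans a Chrome profile's `Extensions` directory and reports installed extensions whose manifest name matches the list above. The article gives no extension IDs, so matching is by name only, which is an assumption: a hit is a lead to review, since an unrelated extension could carry a similar name.

```python
import json
import sys
from pathlib import Path

# Names as listed in the article, matched as case-insensitive substrings.
# Assumption: the article gives no extension IDs, so a hit is a lead to review.
FLAGGED = ("change http request header", "nyoogle", "stickies", "lite bookmarks")

def _load(path):
    """Parse a JSON file; return {} if unreadable or not a JSON object."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def display_name(version_dir, manifest):
    """Resolve a __MSG_key__ placeholder through the default locale's messages.json."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[len("__MSG_"):-2].lower()  # message keys are case-insensitive
    locale = str(manifest.get("default_locale", "en"))
    messages = _load(version_dir / "_locales" / locale / "messages.json")
    for k, v in messages.items():
        if k.lower() == key and isinstance(v, dict):
            return str(v.get("message", name))
    return name

def find_flagged(extensions_dir):
    """Return sorted (extension_id, version, name) tuples for matching installs."""
    hits = []
    # Chrome unpacks each extension to <Extensions>/<id>/<version>/manifest.json
    for manifest_path in Path(extensions_dir).glob("*/*/manifest.json"):
        manifest = _load(manifest_path)
        name = display_name(manifest_path.parent, manifest)
        if any(flag in name.lower() for flag in FLAGGED):
            hits.append((manifest_path.parts[-3], manifest_path.parts[-2], name))
    return sorted(hits)

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: scan.py <path to a Chrome profile's Extensions directory>")
    for ext_id, version, name in find_flagged(sys.argv[1]):
        print(f"{ext_id}\t{version}\t{name}")
```

Run it once per Chrome profile on the machine, since each profile has its own `Extensions` directory.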
In recent months, Google has taken steps to make their auditing process more robust to prevent malicious extensions and apps from finding their way onto the web properties they manage. As this latest incident proves, no matter how careful a company is, sooner or later something is going to slip through.