Malicious Chrome extensions promoted via Facebook
Posted on 01.02.2013
Malicious Chrome extensions are lurking on the official Chrome Web Store, warns Kaspersky Lab Expert Fabio Assolini, and the campaign for leading users to them starts on Facebook.

The messages appear on compromised accounts, tag several of the victims' friends, include a link to a page hosted on one of several .tk domains, and offer no explanation.

The domains host a webpage in Turkish, urging visitors to download a bogus Google Chrome update and to install a "Chrome Guncellemesi" ("Chrome Update") extension:

Those who opt to do so are redirected to the official Chrome Web Store, where the bogus extension is hosted:

The extension's permissions show that its definitely not benign, as it can access the users' data on all websites; read and modify their browsing history; access their tabs and browsing activity; manipulate settings that control websites' access to cookies, JavaScript, and plugins; and more - and that's not all.

"After installation on a user's computer the extension does a number of malicious things; such as doing the action 'like' on several profiles of users and company pages, as part of a scheme to sell 'likes'. It can also control your Facebook profile entirely, collect cookies, post in your wall, etc," warns Assolini.

Even though Google has been informed of this and they have removed the extension in question from their web store, others are sure to pop up eventually.

Since Google stopped allowing the installation of extensions that are not hosted on the official web store and made silent installations impossible, cybercriminals have been left with no other option but trying again and again to plant their malicious extensions in Google's store.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th