Have you been using The Great Suspender Chrome extension? If so, you should beware that the extension was found to contain malware. Google already removed the popular add-on and even deactivated it on users’ computers.

The Malicious Capabilities of The Great Suspender Extension

According to a GitHub post by Calum McConnell, the old maintainer of The Great Suspender most likely sold the extension to unknown parties with intent to exploit users in advertising fraud, tracking, etc. In v7.1.8 of the extension (published to the web store but NOT to GitHub), arbitrary code was executed from a remote server, which appeared to be used to commit a variety of tracking and fraud actions. After Microsoft removed it from Edge for malware, v7.1.9 was created without this code: that has been the code running since November, and it does not appear to load the compromised script. The malicious maintainer remains in control, however, and can introduce an update at any time. Well, they could until Google nuked the extension from their store, the researcher explained.

The extension had more than two million installations. Its original purpose was to suspend tabs that aren’t in use and replace them with a blank grey screen before they were reloaded. The extension began behaving maliciously last November, resulting in Microsoft blocking it on its Edge browser. It appears that the original developer, Dean Oemcke, sold the extension in June last year, to an unknown party. Two new versions followed shortly after the purchase, released in Chrome Web Store.

If you wish to continue using the extension with its original intent, you can download version 7.1.6 from GitHub. Note that you need to enable Chrome Developer mode in order to use it. However, enabling the developer mode can have more consequences, as threat actors can abuse the Chrome sync feature to bypass firewalls and exfiltrate data. The new attack vector was discovered by security researcher Bojan Zdrnja. You can read more about his discovery in the technical write-up.

Last year, security researchers reported a list of 295 malicious Chrome extensions that hijacked Google and Bing search results to inject ads. The extensions were installed by more than 80 million Chrome users. Some of those malicious Chrome extensions included names such as “ScreenShot & Screen Capture Elite”, “Kawaii Wallpaper HD Custom New Tab”, “Shadow Of The Tomb Raider Wallpaper New Tab”, “Weather forecast for Chrome™”, “Unicorn Wallpaper HD Custom New Tab”, “Lil Pump HD New Tab”, “GTA 5 Grand Theft Auto.”