Kaspersky Lab experts have detected a large-scale malware distribution campaign via browser extensions on the official Chrome Web Store. In total, 34 dangerous extensions were discovered, which were installed about 87 million times. informs iXBT portal.
The infected extensions were discovered after cybersecurity researcher Vladimir Palant found a PDF Toolbox extension on the Chrome Web Store that downloads random code from a suspicious site to all pages the user visits. Code analysis showed that the extension could change addresses in search results or add ads.
Then, 33 more extensions with similar malicious code were found, offering different functions such as file conversion, photo editing or bookmark management. These extensions appeared in store in 2021 and 2022 and lasted more than six months despite negative feedback from users.
It was noted that Google removed all extensions detected by experts after the notification, including the most popular of them, Autoskip for Youtube, which was downloaded more than 9 million times. However, users who have already downloaded these extensions will have to manually remove them from their browsers.
Formerly dangerous virus refused It can infect CIS residents’ computers.