GOOGLE'S CHROME was home to four extensions that were harbouring malware and had been downloaded 500,000 times, despite the browser supposedly being the most secure in the world.
Boffins at network analytics firm ICEBRG found the infected extensions after detecting an unusual spike in outbound network traffic coming from one of their customer's workstations.
Digging into the suspicious spike, the researchers found the traffic was coming from a Chrome extension called HTTP Request, with the outbound traffic being sneakily directed at web links with advertising attached.
After this, they discovered three more extensions doing the same thing: Stickies, Lite Bookmarks, and Nyoogle.
From there, they were able to deduce that the extensions were being used as part of a click-fraud scam that illegitimately generates pay-per-click revenue from website advertising.
But the researchers pointed out that the malware in the extensions could be used for more nefarious purposes in skilled hands: "In the hands of a sophisticated threat actor, the same tool and technique could have enabled a beachhead into target networks."
While Google may have stripped the extensions from its Chrome Web Store, the infected extensions could still be in play, and with 500,000 downloads they effectively create a large botnet for the cybercriminals to tap into.
"The total installed user base of the aforementioned malicious Chrome extensions provides a substantial pool of resources to draw upon for fraudulent purposes and financial gain," the researchers explained.
"The high yield from these techniques will only continue to motivate criminals to continue exploring creative ways to create similar botnets. It should be noted that although Google is working to give enterprises more options for managing Chrome extensions, without upstream review or control over this technique, malicious Chrome extensions will continue to pose a risk to enterprise networks."
While this isn't the first batch of malware-ridden extensions that Chrome has had to face, it looks like the problem isn't going away anytime soon.
As such, it's worth being extra cautious with the extensions you add to Chrome, making sure they come from legitimate sources and that you really do need them before slotting them into the popular browser. µ
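For admins who want to check whether any of the four named extensions are still installed on a workstation, here is an added example (not from ICEBRG or the original article) that walks a Chrome profile's Extensions directory and flags matches by display name. It assumes the standard on-disk layout of `<id>/<version>/manifest.json` with localised names under `_locales`; extension names are not unique, so a hit is a lead to investigate rather than proof of infection.

```python
import json
import sys
from pathlib import Path

# Names reported in the article, lower-cased. Matching is by substring, so
# unrelated extensions with similar names will also be flagged for review.
FLAGGED_NAMES = {"http request", "stickies", "lite bookmarks", "nyoogle"}


def load_json(path):
    """Parse a JSON file, returning None if it is missing or malformed."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None
    return data if isinstance(data, dict) else None


def resolve_name(version_dir, manifest):
    """Return the display name, resolving a __MSG_key__ placeholder."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()  # message keys are case-insensitive
    locale = manifest.get("default_locale", "en")
    messages = load_json(version_dir / "_locales" / locale / "messages.json")
    for k, v in (messages or {}).items():
        if k.lower() == key and isinstance(v, dict):
            return str(v.get("message", name))
    return name  # unresolved placeholder: report it as-is


def audit_extensions(extensions_dir):
    """Return (extension_id, version, name, flagged) per installed version."""
    results = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        manifest = load_json(path)
        if manifest is None:
            continue
        name = resolve_name(path.parent, manifest)
        flagged = any(f in name.lower() for f in FLAGGED_NAMES)
        results.append((path.parent.parent.name, path.parent.name, name, flagged))
    return results


if __name__ == "__main__":
    # e.g. ~/.config/google-chrome/Default/Extensions on Linux
    for ext_id, version, name, flagged in audit_extensions(sys.argv[1]):
        print("FLAG" if flagged else "ok  ", ext_id, version, name)
```
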