Cybersecurity giant Kaspersky has identified nearly three dozen Google Chrome extensions carrying a malicious payload, which collectively have amassed around 87 million downloads, including one which accounted for nine million downloads alone.
The company's research stems from the discovery of the PDF Toolbox extension, which loaded arbitrary code on all pages viewed by the user. Further analyses revealed a total of 34 malicious extensions, all marketed as serving different purposes.
While the browser extensions have since been removed from the Chrome Web Store, Kaspersky is quick to point out that they might still be available on users’ devices, urging them to check the list of dodgy extensions and remove any malicious ones.
Malicious Chrome extensions
Kaspersky commended Google for removing the malicious extensions upon notification from the researcher responsible for the discovery and a paper by another “team of experts,” but criticizes the company for not acting on customer reviews.
Many complained of URLs which would mysteriously redirect to adware sites, and in fact, a number of the extensions had already been reported as suspicious by users. A Google spokesperson told TechRadar Pro:
"When we find extensions that violate our policies, we take appropriate action. These reported extensions have been removed from the Chrome Web Store and are automatically disabled for users."
The following Chrome extensions should be removed, according to Kaspersky’s instructions.
- Autoskip for Youtube
- Soundboost
- Crystal Adblock
- Brisk VPN
- Clipboard Helper
- Maxi Refresher
- Quick Translation
- Easyview Reader view
- PDF Toolbox
- Epsilon Ad blocker
- Craft Cursors
- Alfablocker ad blocker
- Zoom Plus
- Base Image Downloader
- Clickish fun cursors
- Cursor-A custom cursor
- Amazing Dark Mode
- Maximum Color Changer for Youtube
- Awesome Auto Refresh
- Venus Adblock
- Adblock Dragon
- Readl Reader mode
- Volume Frenzy
- Image download center
- Font Customizer
- Easy Undo Closed Tabs
- Screence screen recorder
- OneCleaner
- Repeat button
- Leap Video Downloader
- Tap Image Downloader
- Qspeed Video Speed Controller
- HyperVolume
- Light picture-in-picture
More broadly, Kaspersky challenges browser plugins which typically require full access to view and change data on all sites. As such, they can track users, compromise credentials and payment information, and embed ads.
The cybersecurity firm’s advice, then, is to avoid downloading extensions where possible. It says: “the fewer - the safer.” Users should also remove plugins that they no longer need, and make good use of endpoint protection software wherever possible.
- Add that extra layer of protection with the best firewalls