Dozens of malicious plugins in Google Chrome extension store with

Dozens of malicious plugins in Google Chrome extension store with 87 million total downloads

“Kaspersky Lab” discovered There are dozens of malicious software products in the Chrome browser extensions store, the most popular of which has already received 9 million downloads and the total number of downloads exceeds 87 million.

    Image source: 377053/

Image source: 377053/

According to the company, the “search” for malicious software detection was initiated by the discovery of cybersecurity researcher Vladimir Palant, who found a PDF Toolbox tool on the Chrome Web Store with a rating of 4.2 and about 2 million downloads, designed for the Conversion of Office documents was intended. Upon closer inspection, it turned out that the software had accessed the attackers’ server in order to download malicious code onto the web pages displayed in the browser.

Further investigation revealed that dozens of “related” extensions access the same server. The “record holder” in terms of the number of downloads was the Autoskip plugin for YouTube, which was downloaded 9 million times by gullible users. It is known that the extensions were uploaded to the store a long time ago – in the past and the year before last, and the complaints of some users about replacing addresses in the search results were ignored by the moderators. After outcry from information security specialists, the plugins were removed.

Browser extensions are particularly dangerous because they need permission to view and modify data on websites in order to function properly. In other words, each plugin can see all the actions on the websites and change the content of the pages at will. This allows you to monitor user’s actions by collecting information about them, stealing card details, logins and passwords, replacing links in search with malicious links, inserting ads and performing other actions. Users themselves install numerous extensions, grant permissions to view and modify data, and moderators take a very lax approach to software review. Furthermore, the malicious plugin remains on users’ devices even after removal from the store.

    Image source: Franz26/

Image source: Franz26/

Kaspersky Lab recommends removing any extension from the list immediately:

  • Autoskip for Youtube
  • sound boost
  • Crystal Ad Block
  • Fast VPN
  • Clipboard Helper
  • Maxi refresher
  • Fast translation
  • Easyview Reader view
  • PDF toolbox
  • Epsilon ad blocker
  • craft cursor
  • Alfablocker ad blocker
  • Zoom plus
  • Base Image Downloader
  • Clicky funny cursors
  • Cursor – A custom cursor
  • Amazing dark mode
  • Maximum color changer for Youtube
  • Great auto update
  • Venus adblock
  • AdblockDragon
  • Readl Reader mode
  • loud noise
  • Image Download Center
  • Font Customizer
  • Easily undo closed tabs
  • screen recorder
  • OneCleaner
  • Repeat button
  • Leap Video Downloader
  • Tap on picture downloader
  • Qspeed video speed controller
  • HyperVolume
  • Bright picture-in-picture

Experts recommend installing as few extensions as possible, reading reviews before installing, and using antivirus tools to monitor the activity of such software.

About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment