Windows 10 News and info | Forum
March 31, 2020, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Check Chrome and Remove Any of These 70+ Malware Extensions  (Read 37 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 31260


I Do Windows


WWW Email
« on: February 15, 2020, 11:23:48 PM »
ReplyReply

Another day, another batch of crappy Chrome extensions that you shouldn’t be using. Once again, Google has identified a number of bad actors its Chrome Web Store and given them the boot—but that doesn’t automatically remove these malware extensions from your browser, so you might want to do a quick cross-reference of any extensions that sound a little odd.

In other words, you’re probably good if all you use is 1Password and uBlock Origin. However, if you’ve installed something like, say, “Arcade Yum,” it’s time to check and (in this case) remove it.

Cisco’s Duo Security team was responsible for the digging up these malicious extensions, but their investigations were first prompted by the work of security researcher Jamila Kaya. She used Cisco’s CRXcavator tool to find these crappy Chrome extensions, with many of them mimicking each other in terms of attack vectors and what they were trying to do to users (and users’ systems). As Duo describes:

Quote
“In the case reported here, the Chrome extension creators had specifically made extensions that obfuscated the underlying advertising functionality from users. This was done in order to connect the browser clients to a command and control architecture, exfiltrate private browsing data without the users knowledge, expose the user to risk of exploit through advertising streams, and attempt to evade the Chrome Web Store’s fraud detection mechanisms. While this research and CRXcavator’s analysis in general can help us understand a lot about the architecture and operation of such malicious extensions, the question of how the extensions got to be installed on any system is not one we have the data to answer at this time.”


According to Duo, around 1.7 million users had installed the 70 or so extensions that Kaya initially identified. From there, Google searched and removed a total of 500 or so related extensions that performed similar, sketchy activities. While we don’t have a list of those—if only!—you can at least check your Chrome browser for the following:

   • Ad offers by Froovr

   • Ads by MapsVoyage

   • Advertisement Offers by QuizKicks

   • Advertisements by ArcadeYum

   • Advertisements by MapsScout

   • Advertisements by QuizDiamond

   • Advertising by MapsFrontier

   • Advertising by MapsPilot

   • Advertising Offers by FreeWeatherApp

   • Advertising Offers by MapsPilot

   • Advertising Offers by MapsVoyage

   • Advertisement Offers by GameDaddio

   • ArcadeCookie Offers

   • ArcadeFrontier Ads

   • ClassifiedsNearMe Promos

   • ClassifiedsNearMe Promos

   • CouponRockstar Offers

   • CrushArcade Ads

   • DearQuiz Advertising

   • DeluxeQuiz Advertising

   • EarthViewDirections Promotions

   • EasyToolOnline Promos

   • EasyToolOnline Promos

   • ExpressDirections Ads

   • ExpressDirections Promos

   • ExpressDirections Promos

   • FreeWeatherApp Advertisement Offers

   • FreeWeatherApp Promos

   • FreeWeatherApp Promotions

   • GameDaddio Marketing

   • GamesChill Ads

   • GameZooks Advertisements

   • GoFreeRadio Promos

   • GreatArcadeHits Ads

   • JumboQuiz Advertising

   • LoveTestPro Ad Offers

   • MapsFrontier Advertisement Offers

   • MapsFrontier Advertisements

   • MapsFrontier Advertising

   • MapsFrontier Advertising Offers

   • MapsFrontier Promos

   • MapsPilot Ad Offers

   • MapsScout Advertising Offers

   • MapsTrek Offers

   • MapsTrek Promos

   • MapsTrek Promos

   • MapsTrek Promotions

   • MapsVoyage Ads

   • MapsVoyage Advertising

   • MapsVoyage Promotions

   • Offers by MapsFrontier

   • Offers by MapsScout

   • PackageTrak Promos

   • PackageTrak Promos

   • PackageTrak Promos

   • PackTrackPlus Promos

   • PackTrackPlus Promotions

   • PackTrackPlus Promotions

   • PackTrackPlus Promotions

   • PlayPopGames Ads

   • PlayThunder Offers

   • PlayZiz Advertisements

   • ProMediaConverter Promotions

   • QuickNewsPlus Promos

   • QuizFlavor Advertising

   • QuizPremium Advertisements

   • RecipeAlly Promos

   • SuperSimpleTools Promos

   • SuperSimpleTools Promos

   • YoYoQuiz Advertisements

   • YoYoQuiz Promotions

If you have any extensions installed that sound like any on this list, remove them—they’re malware. Going forward, make sure you’re doing more than just using reviews on the Chrome Web Store as the deciding factor for whether you should install an extension or not. Read around the web to see if others are using the extension, have recommended it, or have anything to say about it.

You can even throw extensions you’re considering into Cisco’s CRXcavator tool if you want to get a quick sense of whether it’s risky or not. The tool might be a bit confusing for regular people, though, so common sense—including visiting an extension developer’s website, thinking about the permissions an extension wants, and trusting your gut—is probably going to be your best defense. Extensions are great, but you probably don’t need to pack your browser full of them.

source
Logged


Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page March 08, 2020, 12:32:53 AM