Google has already removed them from the Chrome Web Store
The Kaspersky Lab team has warned about their new malware discovery. In the Chrome Web Store, the official online store for extensions for Google’s proprietary browser, experts have found dozens of malicious extensions. The most popular of the extensions had over 9 million downloads, and in total, all these plugins were downloaded about 87 million times.
It all started when cybersecurity researcher Vladimir Palant discovered an extension called PDF Toolbox in the Chrome Web Store that contained suspicious code. Despite almost two million downloads and an average score of 4.2, the plugin turned out to have “extra functionality” built in. He accessed the site with the address serasearchtop[.]com and downloaded arbitrary code from it to all the pages that the user viewed.
Then a couple dozen more similar plugins were discovered with a total of 55 million downloads. After analyzing the received malicious extension samples and a more thorough search in the Chrome Web Store, the expert found 34 extensions with malicious code, the number of downloads of which reaches 87 million. Interestingly, these plugins have different basic functionality, with Autoskip for Youtube being the most popular with 9 million downloads.
These extensions hit the Chrome Web Store in 2021 and 2022, after staying in the store for over half a year. At the same time, in the reviews there are also complaints about the substitution of addresses in the search results, but the moderators left them unattended.
They should be removed from the browser as soon as possible
It wasn’t until cybersecurity experts sounded the alarm that Google removed the malicious extensions from its official online store. Experts note that users who have already installed extensions should remove them from the browser themselves as soon as possible. The full list of malware extensions includes:
- Autoskip for YouTube;
- soundboost;
- Crystal Adblock;
- Brisk VPN;
- clipboard helper;
- Maxi Refresher;
- Quick Translation;
- Easy View Reader View;
- PDF toolbox;
- Epsilon Adblocker;
- Craft Cursors;
- Alfablocker ad blocker;
- Zoom Plus;
- Base Image Downloader;
- clicky fun cursors;
- Cursor-A custom cursor;
- Amazing Dark Mode
- Maximum Color Changer for Youtube;
- Awesome Auto Refresh;
- Venus Adblock;
- AdblockDragon;
- Readl Reader mode;
- volume frenzy;
- image download center;
- Font Customizer;
- Easy Undo Closed Tabs;
- screen recorder;
- OneCleaner;
- Repeat button;
- Leap Video Downloader;
- Tap Image Downloader;
- Qspeed Video Speed Controller;
- HyperVolume;
- Light picture-in-picture.