They should be removed from the browser as soon as possible

Google has already removed them from the Chrome Web Store

The Kaspersky Lab team has warned about their new malware discovery. In the Chrome Web Store, the official online store for extensions for Google’s proprietary browser, experts have found dozens of malicious extensions. The most popular of the extensions had over 9 million downloads, and in total, all these plugins were downloaded about 87 million times.

It all started when cybersecurity researcher Vladimir Palant discovered an extension called PDF Toolbox in the Chrome Web Store that contained suspicious code. Despite almost two million downloads and an average score of 4.2, the plugin turned out to have “extra functionality” built in. He accessed the site with the address serasearchtop[.]com and downloaded arbitrary code from it to all the pages that the user viewed.

Then a couple dozen more similar plugins were discovered with a total of 55 million downloads. After analyzing the received malicious extension samples and a more thorough search in the Chrome Web Store, the expert found 34 extensions with malicious code, the number of downloads of which reaches 87 million. Interestingly, these plugins have different basic functionality, with Autoskip for Youtube being the most popular with 9 million downloads.

These extensions hit the Chrome Web Store in 2021 and 2022, after staying in the store for over half a year. At the same time, in the reviews there are also complaints about the substitution of addresses in the search results, but the moderators left them unattended.