Infected Chrome extensions steal data from 2.6M devices

When you work in IT, the holidays are a stressful time. Bad actors know that during the holidays people are on vacation, staffing is short, and companies are generally not paying as much attention to the security of their networks as they should. Companies are not the only targets during the holidays. Individuals are targeted too, because this is the time of year when lots of credit card purchases are made, so there is a lot of potential credit card information to steal.

This year on Christmas Eve, developers of several Chrome extensions received a targeted phishing email (known as spear phishing) pretending to be from Google and informing them that their extensions were in violation of a Google policy. Unfortunately, some of the developers fell victim to the attack and in the process granted the bad actors access to their development accounts. The bad actors used this access to publish malicious versions of the extensions, which were in turn automatically pushed out to everyone who had these extensions installed. Using the malicious extensions, the bad actors were able to capture sensitive information entered into web sites as well as scour the victims' computers for other sensitive information stored on their devices.

So far, 33 browser extensions have been identified as infected on about 2.6 million devices. It is a good idea to check the list of infected extensions. If you use one of them, make sure you are updated to the latest version and change all your sensitive passwords.

It is also worth mentioning that I generally advise people to avoid installing web browser extensions at all unless they are absolutely necessary and from an explicitly trusted source. Think of every browser extension you have as a window through which a criminal could potentially compromise your computer. Take this opportunity to review the extensions you have installed and remove any that are not absolutely necessary and from a trusted source.

Here is a list on Ars Technica of the extensions that have been identified: Backdoor Chrome Extension List.
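One way to carry out the review suggested above across one or many machines, as an added example that is not part of the original post: a Python script that inventories the extensions in a Chrome profile (ID, name, newest installed version, requested permissions) and flags any whose ID appears in a file you supply. The flagged IDs must be copied from the published list; none are included here, and the function names are this example's own.

```python
import json
import re
import sys
from pathlib import Path

EXT_ID = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs: 32 letters, a-p

def version_key(version):
    """Numeric sort key so that '1.10.0' ranks above '1.9.3'."""
    return [int(part) for part in re.findall(r"\d+", str(version))]

def inventory(profile_dir):
    """List the extensions installed in one Chrome profile directory."""
    # Layout: <profile>/Extensions/<extension id>/<version>_0/manifest.json
    records = []
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return records
    for ext_dir in sorted(ext_root.iterdir()):
        if not EXT_ID.match(ext_dir.name):
            continue
        manifests = []
        for path in ext_dir.glob("*/manifest.json"):
            try:
                manifests.append(json.loads(path.read_text(encoding="utf-8-sig")))
            except (OSError, ValueError):
                continue  # unreadable or corrupt manifest
        if not manifests:
            continue
        newest = max(manifests, key=lambda m: version_key(m.get("version", "0")))
        perms = newest.get("permissions", []) + newest.get("host_permissions", [])
        records.append({
            "id": ext_dir.name,
            "name": newest.get("name", "?"),  # may be a "__MSG_...__" locale key
            "version": str(newest.get("version", "?")),
            "permissions": sorted({str(p) for p in perms}),
        })
    return records

def flag(records, flagged_ids):
    """Return the installed extensions whose ID is on the flagged list."""
    flagged = {i.strip().lower() for i in flagged_ids if i.strip()}
    return [r for r in records if r["id"] in flagged]

if __name__ == "__main__":
    installed = inventory(sys.argv[1])
    hits = flag(installed, Path(sys.argv[2]).read_text().splitlines())
    for r in installed:
        print("FLAGGED" if r in hits else "ok", r["id"], r["name"], r["version"], r["permissions"])
```

Run it with the profile directory (for example `~/.config/google-chrome/Default` on Linux) and a text file holding one flagged extension ID per line. The permissions column also helps with the broader review: an extension requesting `<all_urls>` or `cookies` can read what you enter on every site.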

While CreaTech does not provide managed services directly, we partner with some companies that can help keep your business safe. If you would like to schedule a meeting to discuss options to protect your business, please contact us.
