Home Top Stories Hacked Chrome extensions put 2.6 million customers liable to knowledge leak

Hacked Chrome extensions put 2.6 million customers liable to knowledge leak

By
Ella Bennet
-
0

Your net browser is an ecosystem of its personal. It shops your passwords, search historical past, monetary particulars like bank card numbers, addresses and extra. Just like how malicious apps and providers can compromise knowledge in your telephone or PC, malicious extensions can expose the information saved in your browser. 

There are a ton of extensions on the market that do extra hurt than good. In reality, safety researchers have simply discovered a harmful new marketing campaign that’s going after browser extensions. So far, round 36 extensions have been compromised, placing over 2.6 million Chrome customers liable to having their looking knowledge and account credentials uncovered.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Enter the giveaway by signing up for my free newsletter.

An individual utilizing a Chrome browser extension (Kurt “CyberGuy” Knutsson)

How hackers are concentrating on browser extensions

Hackers are exploiting browser extensions as a gateway to steal delicate person knowledge by quite a lot of strategies. These compromised extensions are exposing over 2.6 million customers to knowledge publicity and credential theft, as reported by The Hacker News

One frequent assault entails phishing campaigns concentrating on the publishers of reputable extensions on platforms just like the Chrome Web Store. In these campaigns, attackers trick builders into granting permissions to malicious purposes, which then insert dangerous code into widespread extensions. This code can steal cookies, entry tokens and different person knowledge.

The first firm to make clear the marketing campaign was cybersecurity agency Cyberhaven, considered one of whose workers have been focused by a phishing assault on December 24, permitting the menace actors to publish a malicious model of the extension.

Once these malicious extensions are revealed and cross the Chrome Web Store’s safety evaluate, they’re made out there to hundreds of thousands of customers, placing them liable to knowledge theft. Attackers can use these extensions to exfiltrate looking knowledge, monitor person exercise and even bypass safety measures akin to two-factor authentication.

In some instances, builders themselves might unknowingly embrace data-gathering code as a part of a monetization software program growth package, which stealthily exfiltrates detailed looking knowledge. This makes it troublesome to find out whether or not a compromise is the results of a hacking marketing campaign or an intentional inclusion by the developer.

Hacked Chrome extensions put 2.6 million users at risk of data leak

Image of a Chrome browser on a cellphone (Kurt “CyberGuy” Knutsson)

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

Remove these extensions out of your net browser

The browser extension safety platform Secure Annex has launched its personal investigation into this hacking marketing campaign. So far, it has uncovered over twenty extra compromised extensions, that are listed beneath. If you could have any of the compromised extensions listed in Secure Annex’s investigation put in in your browser, it’s important to take away them instantly to guard your knowledge.

  1. AI Assistant – ChatGPT and Gemini for Chrome
  2. Bard AI Chat Extension
  3. GPT 4 Summary with OpenAI
  4. Search Copilot AI Assistant for Chrome
  5. TinaMInd AI Assistant
  6. Wayin AI
  7. VPNCity
  8. Internxt VPN
  9. Vindoz Flex Video Recorder
  10. VidHelper Video Downloader
  11. Bookmark Favicon Changer
  12. Castorus
  13. Uvoice
  14. Reader Mode
  15. Parrot Talks
  16. Primus
  17. Tackker – on-line keylogger software
  18. AI Shop Buddy
  19. Sort by Oldest
  20. Rewards Search Automator
  21. ChatGPT Assistant – Smart Search
  22. Keyboard History Recorder
  23. Email Hunter
  24. Visual Effects for Google Meet
  25. Earny – Up to twenty% Cash Back
  26. Cyberhaven safety extension V3
  27. GraphQL Network Inspector
  28. Vidnoz Flex – Video recorder & Video share
  29. YesCaptcha assistant
  30. Proxy SwitchyOmega (V3)
  31. ChatGPT App
  32. Web Mirror
  33. Hi AI

Keeping these extensions put in is a severe threat since hackers can nonetheless entry your knowledge even when the malicious model has been taken down from the Chrome Web Store. Secure Annex continues to be investigating and has shared a public Google Sheet with particulars concerning the malicious extensions it has discovered up to now, like whether or not they’ve been up to date or eliminated. They’re additionally including new extensions to the record as they uncover them.

WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM

How to take away an extension from Google Chrome

If you could have put in one of many above-mentioned extensions in your browser, take away it as quickly as doable. To take away an extension from Google Chrome, comply with these steps:

  • Open Chrome and click on the icon that appears like a chunk of a puzzle. You’ll discover it within the top-right nook of the browser.
  • You can see all of the energetic extensions now. Click the three dots icon subsequent to the extension you need to take away and choose Remove from Chrome.
  • Click Remove to verify

Steps to take away an extension from Google Chrome (Kurt “CyberGuy” Knutsson)

BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS – CYBERGUY PICKS

7 methods to remain secure from malicious software program

1) Verify emails and hyperlinks earlier than clicking: Many assaults start with phishing emails that impersonate trusted entities like Google Chrome Web Store Developer Support. These emails usually create a false sense of urgency, urging you to click on on malicious hyperlinks. Always confirm the sender’s e mail deal with and keep away from clicking on hyperlinks with out double-checking their authenticity. When unsure, go on to the official web site relatively than utilizing a offered hyperlink.

2) Use sturdy antivirus software program: Having sturdy antivirus software program is a necessary line of protection towards malicious software program. These instruments can detect and block malicious code, even when it has been embedded in browser extensions. The finest method to safeguard your self from malicious hyperlinks that set up sturdy malware, doubtlessly accessing your non-public info, is to have antivirus software program put in on all of your units. This safety may provide you with a warning to phishing emails and ransomware scams, retaining your private info and digital belongings secure. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

3) Limit extension permissions: Be cautious concerning the permissions you grant to browser extensions. Many require entry to delicate knowledge like looking historical past, cookies or account info, however not all requests are obligatory. Review what every extension asks for and deny permissions that appear extreme. If doable, go for extensions with restricted entry to make sure your knowledge stays protected.

4) Limit the variety of extensions: Only set up extensions which might be genuinely wanted and recurrently evaluate and uninstall these now not in use.

5) Keep your browser up to date: Always replace your browser to the most recent model. Updates usually embrace vital safety patches that shield towards vulnerabilities exploited by malicious software program. Using an outdated browser will increase the chance of being focused by assaults that might have been prevented with a easy replace. Enable automated updates to make sure you’re all the time protected. If you’re uncertain tips on how to replace your browser, try my detailed guide for Google Chrome.

6) Regularly audit your extensions: Conduct periodic evaluations of put in extensions and take away any which might be pointless or pose potential safety dangers.

7) Report suspicious extensions: If you encounter a suspicious extension, report it to the official browser extension market.

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES

Kurt’s key takeaway

Hackers are getting smarter, and browser extensions have turn into a brand new favourite goal for stealing delicate knowledge. The discovery of over 35 compromised Chrome extensions, placing 2.6 million customers in danger, is a wake-up name for everybody. Removing suspicious extensions is a necessary step to guard your knowledge. This additionally places Google’s Chrome Web Store evaluate course of below scrutiny, proving that even trusted platforms might be exploited. 

How usually do you evaluate and take away unused or suspicious browser extensions? Let us know by writing us at Cyberguy.com/Contact.

For extra of my tech suggestions and safety alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to probably the most requested CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of expertise, gear and devices that make life higher together with his contributions for Fox News & FOX Business starting mornings on “FOX & Friends.” Got a tech query? Get Kurt’s free CyberGuy Newsletter, share your voice, a narrative thought or remark at CyberGuy.com.

RELATED ARTICLES

NO COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here

©
Exit mobile version