500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users
2020-02-14 00:36

Google removed 500 malicious Chrome extensions from its Web Store after they were found to inject malicious ads and siphon off user browsing data to servers under the control of attackers.

The findings come as part of a joint investigation by security researcher Jamila Kaya and Cisco-owned Duo Security, which unearthed 70 Chrome Extensions with over 1.7 million installations.

A Well-Concealed Malvertising Campaign

Using Duo Security's Chrome extension security assessment tool, called CRXcavator, the researchers were able to ascertain that the browser plugins operated by surreptitiously connecting the browser clients to an attacker-controlled command-and-control server that made it possible to exfiltrate private browsing data without the users' knowledge.

Beware of Data-Stealing Browser Extensions

This is not the first time data-stealing extensions have been discovered on the Chrome browser.

Last July, security researcher Sam Jadali and The Washington Post uncovered a massive data leak called DataSpii perpetrated by shady Chrome and Firefox extensions installed on as many as four million users' browsers.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/OpWH3qGO8wE/chrome-extension-malware.html