Google Chrome And Malicious Extensions - What You Need To Know
Google Chrome browsing extensions conveniently add various functionalities that make the browser even more accessible for daily use. Despite the ample benefits these afford users, Chrome is under intense scrutiny after more than 32 million malicious extensions were downloaded through a massive spyware attack.
Read on to learn more about this type of malware and different ways of dealing with it.
How This Spyware Works?
Google Chrome spyware works by analyzing the victim’s use of the browser and transmitting this valuable information externally. These Chrome extensions in particular are purposefully-designed to evade detection by antivirus software, making them even more nefarious.
The spyware gets distributed in various ways, and one of the most common ways is through clicks on links that drag the user to malicious websites. Such links are obtained through text messages, emails, ads on web pages, pop-up windows in browsers, and more. The corrupted links also appear on the search pages of Google.
At times, the users don’t even need to click on such links to get redirected to the infected website. This is because the malware is carried out by placing malicious ads on genuine websites, also termed as malvertising.
Another way the spyware works is through malicious codes present on genuine websites that infect the user’s system by just visiting the page. Such malicious infections are known as watering hole attacks given they target particular users or groups.
The spyware operates by opening files that are infected. Such files are obtained in the form of attachments in emails from certain trusted sources like the post office, banks, and other highly credible senders. Users are scammed into downloading spyware.
The attackers propagate such programs by adding them to a trusted and useful software library. Many times, deleting these types of malicious software from the system is sufficient to eliminate the application. However, the spyware might still be in your system or mobile phone for snooping on you again.
Beyond the threat itself, Google has also been the target of various similar campaigns engineered to attack Chrome. Per research carried out in February by Duo Security, around 500 downloaded extensions uploaded private browsing information onto servers which were controlled by hackers and redirecting victims towards malicious websites.
Although Google is working hard to remove malicious extensions available in its online store, it still lacks absolute perfect policing.
How To Protect Your Device?
The best way to stay safe from any form of malware is by being extra cautious with your online activities. Other security measures include:
- Before installing any extension, think twice about whether you genuinely need it or not
- Checking out the publisher beforehand can provide helpful information about the extension’s intent
- Don’t click on extensions from fake or unofficial sources
- Keep an eye on automatic updates from extensions and disable malicious ones
- Check for any unusual behavior or performance lags on your browser
- If you aren’t using a suspicious or unused extension, delete it completely from the device
- Install antivirus software and scan your device for malware
- Use ad blockers and anti-tracking programs to obscure your online activity
Learn more about the best antivirus extensions for google chrome here
Although extensions can be helpful, it’s important to double-check the source and authenticity of these before installing them on the browser.
Don’t install unnecessary extensions and make sure to use a strong and reliable antivirus along with other necessary precautions to ensure your system is kept safe and secure.