A small group of researchers made a surprising discovery: around 30 browser extensions hosted in Google’s Chrome Web Store, some for 18 months, were surreptitiously siphoning off sensitive data from around 2.6 million devices. Nothing less.
In short, hackers have kept the same resolutions as in previous years, those of scamming us and stealing through our digital devices.
Published by Ars Technica, these compromises were revealed by data loss prevention service Cyberhaven, who discovered that a Chrome extension used by 400,000 of their own customers had been updated with code that stole their sensitive data .
The hacked extension was around for some time before it was discovered.
This was originally designed to prevent users from inadvertently entering sensitive data in emails or on websites they visit.
By phishing
Without going into detail, this discovery helped uncover the phishing scheme which was taken up by several other malicious actors. About thirty in all.
Security Annex, a browser extension analysis and management company, said it discovered 19 other Chrome extensions that had been similarly compromised. In all cases, the attacker used phishing to distribute a new malicious version and custom domains to issue commands and receive authentication information. Together, the 20 extensions have been downloaded 1.46 million times.
Another malicious extension, Reader Mode, led to the discovery of a library of codes that developers can use to monetize their extensions. This code library collects information about each visit to a browser. In exchange for integrating the library into extensions, developers receive a commission from the library creator.
Overall, these extensions have been installed 1.14 million times. The full list is as follows:
Anyone who has used one of these compromised extensions should consider changing their passwords and other authentication information.
Other compromised extensions:
