A host of malicious Google Chrome extensions with 75 million installs have been removed

The extensions were hijacking search results


Late last week, Google confirmed removing 34 malicious extensions from its Chrome Web Store. The extensions were capable of injecting ads into pages and exfiltrating sensitive data from compromised endpoints. In total, the extensions were downloaded more than 75 million times.

As reported by BleepingComputer, the malware was first spotted by cybersecurity researcher Wladimir Palant who, after analyzing the PDF Toolbox extension, discovered that it included hidden code.

This allowed a domain called serasearchtop[.]com to inject arbitrary JavaScript code into any website that the user visits. The code would activate 24 hours after the extension was installed - typical malware behavior, the publication said.

Millions of users

Palant quickly discovered more malicious extensions, bringing the number up to 18. At first, he wasn’t able to determine any malicious activity, although the speculation was that the extensions injected ads into websites.

Soon after that, cybersecurity researchers from Avast chimed in, expanding the list to 32 entries in total. Some of the most popular extensions include Autoskip for YouTube, which has 9 million active users, Soundboost with 6.9 million, and Crystal Ad block with 6.8 million.


The full list of the malicious extensions can be found here. Palant says 34 extensions in total were found to be malicious. User reviews on the Web Store suggest that the extensions were redirecting users to different websites, hijacking search results, and displaying unwanted ads.

Google has responded to inquiries on the matter, claiming the reported extensions were removed from the store.


“The Chrome Web Store has policies in place to keep users safe that all developers must adhere to,” the Google representative told BleepingComputer.

While the extensions have been removed from the store, users are still vulnerable until they remove them from their endpoints manually, so if you have any, make sure to remove them as soon as possible.
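One way to check an endpoint for leftovers, as an added example that is not from the article or the researchers: a Python script that walks a Chrome profile's `Extensions` folder (laid out as `<extension id>/<version>/manifest.json`) and flags any extension that is on a blocklist or ships a file containing the domain named above. The blocklist IDs and the sample profile are constructed placeholders, and the string match assumes the domain appears as a literal in the extension's files, which obfuscated code may not satisfy.

```python
import json
import tempfile
from pathlib import Path

# Indicator named in the article (defanged there as serasearchtop[.]com).
INDICATOR = b"serasearchtop.com"
SCAN_SUFFIXES = {".js", ".json", ".html"}

def audit_extensions(extensions_dir, blocked_ids=frozenset(), indicator=INDICATOR):
    """Return one finding per installed extension version that is blocklisted
    or has a file containing the indicator string."""
    findings = []
    for ext_dir in sorted(Path(extensions_dir).iterdir()):
        if not ext_dir.is_dir():
            continue
        for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            try:
                manifest = (version_dir / "manifest.json").read_text(encoding="utf-8-sig")
                name = json.loads(manifest).get("name", "?")
            except (OSError, ValueError, AttributeError):
                name = "?"  # missing or malformed manifest: still report the ID
            hits = [str(f.relative_to(version_dir))
                    for f in sorted(version_dir.rglob("*"))
                    if f.is_file() and f.suffix in SCAN_SUFFIXES and indicator in f.read_bytes()]
            if ext_dir.name in blocked_ids or hits:
                findings.append({"id": ext_dir.name, "version": version_dir.name, "name": name,
                                 "blocklisted": ext_dir.name in blocked_ids,
                                 "indicator_files": hits})
    return findings

def build_sample_profile(root):
    """Constructed sample data: two fake extensions in Chrome's on-disk layout."""
    root = Path(root)
    for ext_id, body in (("a" * 32, "fetch('https://serasearchtop.com/cfg')"),
                         ("b" * 32, "console.log('benign')")):
        d = root / ext_id / "1.0_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": f"sample-{ext_id[0]}"}))
        (d / "background.js").write_text(body)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # "c" * 32 is a placeholder ID, not one of the removed extensions.
        for finding in audit_extensions(build_sample_profile(tmp), blocked_ids={"c" * 32}):
            print(finding)
```

To audit a real machine, pass the profile's own `Extensions` folder (on Linux typically `~/.config/google-chrome/Default/Extensions`) and fill `blocked_ids` from the published list.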

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
