If you’re one of the millions who installed these malicious Google Chrome extensions, delete them now
More than 30 malicious Google Chrome extensions identified
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Cybersecurity giant Kaspersky has identified nearly three dozenGoogle Chrome extensionscarrying a malicious payload, which collectively have amassed around 87 million downloads, including one which accounted for nine million downloads alone.
The company’sresearchstems from the discovery of the PDF Toolbox extension, which loaded arbitrary code on all pages viewed by the user. Further analyses revealed a total of 34 malicious extensions, all marketed as serving different purposes.
While thebrowserextensions have since been removed from the Chrome Web Store, Kaspersky is quick to point out that they might still be available on users’ devices, urging them to check the list of dodgy extensions and remove any malicious ones.
Malicious Chrome extensions
Kaspersky commendedGooglefor removing the malicious extensions upon notification from the researcher responsible for the discovery and a paper by another “team of experts,” but criticizes the company for not acting on customer reviews.
These are the best malware removal tools around>Researchers claim malware is rife on the Google Play Store>A host of malicious Google Chrome extensions with 75 million installs have been removed
Many complained of URLs which would mysteriously redirect to adware sites, and in fact, a number of the extensions had already been reported as suspicious by users. A Google spokesperson toldTechRadar Pro:
“When we find extensions that violate our policies, we take appropriate action. These reported extensions have been removed from the Chrome Web Store and are automatically disabled for users.”
The following Chrome extensions should be removed, according to Kaspersky’s instructions.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
More broadly, Kaspersky challenges browser plugins which typically require full access to view and change data on all sites. As such, they can track users, compromise credentials and payment information, and embed ads.
The cybersecurity firm’s advice, then, is to avoid downloading extensions where possible. It says: “the fewer - the safer.” Users should also remove plugins that they no longer need, and make good use ofendpoint protection softwarewherever possible.
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!
Adobe’s decision to eliminate perpetual licensing for its Elements software has stirred controversy among consumers
VIPRE Security Group says its new endpoint protection tools can stamp out even the latest cybersecurity threats
Sonos Arc Ultra review: the best one-box Dolby Atmos soundbar for the price, with one grating flaw
