If you're one of the millions who installed these malicious Google Chrome extensions, delete them now
Cybersecurity giant Kaspersky has identified nearly three dozen Google Chrome extensions carrying a malicious payload, which collectively have amassed around 87 million downloads, including one which accounted for nine million downloads alone.
The company's research stems from the discovery of the PDF Toolbox extension, which loaded arbitrary code on all pages viewed by the user. Further analyses revealed a total of 34 malicious extensions, all marketed as serving different purposes.
While the browser extensions have since been removed from the Chrome Web Store, Kaspersky is quick to point out that they will still be available on users’ devices, urging them to check the list of dodgy extensions and remove any malicious ones.
Malicious Chrome extensions
Kaspersky commended Google for removing the malicious extensions upon notification from the researcher responsible for the discovery and a paper by another “team of experts,” but criticizes the company for not acting on customer reviews.
Read more
> These are the best malware removal tools around
> Researchers claim malware is rife on the Google Play Store
> A host of malicious Google Chrome extensions with 75 million installs have been removed
Many complained of URLs which would mysteriously redirect to adware sites, and in fact, a number of the extensions had already been reported as suspicious by users. TechRadar Pro has asked Google to confirm why user feedback went unnoticed.
The following Chrome extensions should be removed, according to Kaspersky’s instructions.
Autoskip for Youtube
Soundboost
Crystal Adblock
Brisk VPN
Clipboard Helper
Maxi Refresher
Quick Translation
Easyview Reader view
PDF Toolbox
Epsilon Ad blocker
Craft Cursors
Alfablocker ad blocker
Zoom Plus
Base Image Downloader
Clickish fun cursors
Cursor-A custom cursor
Amazing Dark Mode
Maximum Color Changer for Youtube
Awesome Auto Refresh
Venus Adblock
Adblock Dragon
Readl Reader mode
Volume Frenzy
Image download center
Font Customizer
Easy Undo Closed Tabs
Screence screen recorder
OneCleaner
Repeat button
Leap Video Downloader
Tap Image Downloader
Qspeed Video Speed Controller
HyperVolume
Light picture-in-picture
More broadly, Kaspersky challenges browser plugins which typically require full access to view and change data on all sites. As such, they can track users, compromise credentials and payment information, and embed ads.
The cybersecurity firm’s advice, then, is to avoid downloading extensions where possible. It says: “the fewer - the safer.” Users should also remove plugins that they no longer need, and make good use of endpoint protection software wherever possible.
Add that extra layer of protection with the best firewalls