An unexpected discovery of malicious web-based applications by security researchers has been reported affecting more than 500,000 Google Chrome users. According to the experts' speculations, the malware-carrying extensions may have been used by their developers for different motivations, including click-fraud scams and espionage.
On Monday, cybersecurity firm ICEBRG Inc published a report unveiling four malicious Google Chrome extensions that have affected over a million users around the world. The researchers first detected an extension called HTTP Request Header after a questionable growth in outbound network traffic from a customer workstation which prompted them to investigate the suspicious spike.
Also read: Researcher zero in on Android spyware 'Skygofree' that can steal WhatsApp messages
This led to the discovery of three other malicious extensions: Nyoogle, Stickies, and Lite Bookmarks, which all work almost the same with HTTP Request Header. The search giant already removed the said extensions in December 2017 after being tipped off, but the span of time these harmful web-based applications had lived in the world's most secure and most used internet browser remains a mystery.
"Although likely used to conduct click fraud and/or search engine optimization (SEO) manipulation, these extensions provided a foothold that the threat actors could leverage to gain access to corporate networks and user information," reads the report.
ICEBRG cannot pin down exactly how much the hackers were able to monetise from the activity. It has noted, however, that a similar botnet discovered in 2013 earned criminals US$6m per month before it was removed.
Researchers have warned that even if the infected extensions were taken down from the Chrome Web Store, the hosts can still spread it through third-party Chrome extension repositories. Thus, they are urging Chrome users to be wary when installing any web-based applications.
Apart from Google and the impacted users, the National Cyber Security CEntre of the Netherlands and the US Computer Emergency Readiness Team were also informed of the matter.