A security alert has been issued to over 3.2 million Google Chrome users, warning them to delete 16 compromised browser extensions immediately. The affected extensions, including Blipshot and Video Effects for YouTube, were found to have been hacked by hackers who injected malicious codes into the software.
The malicious code allows hackers to steal user data and commit “search engine fraud” by driving clicks to hacker-controlled websites for ad revenue. Cybersecurity experts urge users to delete the extensions now to avoid being compromised.
According to researchers from GitLab Threat Intelligence, Chrome has removed the extensions from its Web Store, but users who have downloaded them must remove them manually. The team warns that users should vet the programs they install and read reviews warning about potential dangers, including checking the permissions an extension is asking for.
The hackers used phishing attacks on developers to take control of the extensions, injecting malicious updates into the software once they had control. This allowed attackers to manipulate web activity in real-time and inject malware into any website the victim visits.
Experts recommend that users carefully read through the permission settings of any extensions they want to install and check reviews for suspicious activity. Additionally, they urge users to use antivirus software to scan their computers for signs of malware or viruses.
This alert is part of a larger trend of security breaches targeting browser extensions and email users. The FBI has reported that phishing schemes were the most frequently reported form of internet crime in 2023.
Source: https://www.dailymail.co.uk/sciencetech/article-14443391/urgent-warning-chrome-users-malicious-extensions.html