Browser extensions are very useful as they allow us to easily add features that are not available out-of-the-box. In this way, users can improve their experience when browsing the Internet and adapt the program to their needs. However, they are also an opportunity for hackers to get into trouble and take control of users’ browsers to steal all kinds of data. And this is what just happened to more than 87 million users.
A few hours ago, the Kaspersky security firm published a report with a list of 34 extensions, published in the Chrome Store (and most of them still available) that were being used to infect users’ computers. In total, these 34 extensions added more than 87 million downloads, one of them in particular being on more than 9 million computers.
It all started with the analysis of an extension, called PDF Toolbox, which allowed users to view any page and place code on it. From this extension, the security firm found another 33 extensions most used to carry out computer attacks, each of them offering to perform a particular function.
When one of these extensions was installed, what happened is that they automatically began to track all the user’s activity, collecting and selling all kinds of information about him. It also stole bank details and web credentials, added personalized ads to pages, replaced web links with affiliate links, and changed the home page to one with more ads.
The complete list with these malicious plugins is as follows:
- autoskip for youtube
- soundboost
- Crystal Adblock
- BriskVPN
- Clipboard Helper
- maxi refresher
- Quick Translation
- Easyview Reader view
- PDF Toolbox
- Epsilon Ad blocker
- Craft Cursors
- alphablocker ad blocker
- ZoomPlus
- Basic Image Downloader
- Clicky fun cursors
- Cursor-A custom cursor
- Amazing Dark Mode
- Maximum Color Changer for Youtube
- Awesome Auto Refresh
- Venus Adblock
- Adblock Dragon
- Read Reader mode
- Volume Frenzy
- Image download center
- Font Customizer
- Easy Undo Closed Tabs
- Screen recorder
- OneCleaner
- repeat button
- Leap Video Downloader
- Tap Image Downloader
- Qspeed Video Speed ​​Controller
- HyperVolume
- Light picture-in-picture
In addition to these extensions, security researchers say that there may be other similar ones still available in the Chrome extension store, so we must exercise caution and, if we detect any anomalous behavior, disable the extension as soon as possible.
What to do if you have installed one of these in Chrome
Although the extensions have already been reported to Google, and the company has removed most of the store, that doesn’t mean it will remotely uninstall users who installed them. Therefore, the first thing will be to check if we have installed any of the extensions that we have just seen.
If so, the first thing to do is delete it from the browser as soon as possible. And, if we needed any of its features, opt for an alternative extension. Immediately afterwards, take the corresponding measures to be sure, such as changing our passwords or checking the bank so as not to find surprises.
And, for other times, use common sense and carefully review the permissions of the extensions when we are going to install them.