Up to 3 million devices infected by malware-laced Chrome and Edge add-ons
-
Threat Intelligence researchers from Avast have identified malware hidden in at least 28 third party Google Chrome and Microsoft Edge extensions associated with some of the world’s most popular platforms. The malware has the functionality to redirect users’ traffic to ads or phishing sites and to steal people’s personal data, such as birth dates, email addresses, and active devices. According to the app stores’ download numbers, around three million people may be affected worldwide.
-
@Dr-Flay I am not surprised. That is why I am using only one trusted addon - Ublock Origin by gorhill.
-
Some are listed twice but ok, none of them ever heard before by me.
-
@Dr-Flay Yeah. Kinda old news. We've heard it before, even from the Apple store and probably others.
There are only a few we can trust.
We, the users, must be vigilant.
-
I am using none of the list, I use only OpenSource extensions. Apart from this, Instagram and Facebook itself are Spyware.
-
@Dr-Flay said in Up to 3 million devices infected by malware-laced Chrome and Edge add-ons:
Threat Intelligence researchers from Avast have identified malware hidden in at least 28 third party Google Chrome and Microsoft Edge extensions associated with some of the world’s most popular platforms. The malware has the functionality to redirect users’ traffic to ads or phishing sites and to steal people’s personal data, such as birth dates, email addresses, and active devices. According to the app stores’ download numbers, around three million people may be affected worldwide.
So in other words with the sheer number of browser users around the world a drop in the bucket have gotten infected this way.
-
Yes this general topic is an old story, but until it is actually dealt with it is worth reminding people how full of malware the play store is.
Until google change their model of what they allow to be uploaded and in what format, this will never end.
Most people just become complacent and accept a new normal.
You hear this all the time regarding privacy and the acceptance you don't have any.
Open source extensions are safer but not above being compromised, as various "safe" extensions repositories have been hijacked (or even bought then hijacked).
Google should do what F-Droid does and only accept source code which google then build.
I did wonder about the duplication in the list myself, but google are sloppy because they are greedy and allow apps and extensions with the same name from different developers.
3 million may be a drop in a world size bucket but that drop is the size of a small country.
How many infected devices did it take to start Stuxnet?
How many devices need to be first infected to roll out a massive botnet campaign?
The size of this event isn't the big deal here because it is just the tip of an iceberg of security problems (meaning the play store).
I bet all the extensions in that list have a crappy rating in CRXcavator https://crxcavator.io
I would like an extension or userscript to add the CRXcavator ratings in the google store (we know google would never show the ratings themselves).
Or a front end site for the extension store like Appbrain works as a frontend for the app store.
(It is notable that I have the same functionality most of those extensions offer, but in 1 single userscript that works on all those sites.)
-
@Dr-Flay , the danger is much greater, although it only affects a few apps. It is not the question of how many apps are infected among hundreds of thousands, but rather how many people use these infected apps, which in this case, mainly in the case of Facebook and Instagram apps, will not be few users who are affected.
For this reason, it is always preferable on a mobile phone, to use a direct access to a web page, instead of using an app, in most cases unnecessary.
Even if they propose it, a current mobile has no problems of any kind of directly accessing Fakebook, Infragramm, YouTube or other social networks.
-
This ^
Often 1 exploit is the gateway to the main act.
A good example would be taking over an FB account and spamming contacts with malware messages that lead to their accounts being compromised.
I also tend to rely on 1 trustable browser to access sites that offer specific apps.
This also leaves more space on the phone and RAM.
For FB I pretty much only use the chat network so rely on Trillian for that.
I don't do banking or buying via a phone using any method at all.
Not a chance in hell I would put that info into a device where I can't control, update or remove anything that came with it.
I feel we are wandering off topic a little but it is broadly relevant.
-
@greybeard said in Up to 3 million devices infected by malware-laced Chrome and Edge add-ons:
We, the users, must be vigilant.
And how's the typical computer user supposed to even know that browser extensions can do this, let alone be vigilant?
-
@Eggcorn A usual user, like me, must take responsibility for their browser, just like their cars. A good anti-virus is a start. Reputable, that scans both the 'download' and the installed extension or app. I found ESET does this. I suppose there are others.
Only download extensions/apps you need, then go after games you want. I rely (somewhat) on a combination of ratings, # of users and reviews.
Unless you're a programmer or security expert you can't take apart a program to analyse it so some element of trust is required.
Security related blogs (of legit security companies) and tech news are also helpful.
[EDITED]
-
@greybeard I don't think you're a usual user.
-