400 Chrome Extensions Caught Stealing Private Data of 1.6 Million Users

Google removed 400 malicious Chrome extensions from its Web Store after they found to inject malicious ads .

These extensions were a part of a malvertising and ad-fraud campaign that’s been operating at least since January 2019, although evidence points out the likelihood that the actor behind the scheme may are active since 2017. Upon sharing the invention privately with Google, the corporate went on to spot 430 more problematic browser extensions, all of which have since been deactivated

“The prominence of malvertising as an attack vector will still rise as long as tracking-based advertising remains ubiquitous, and particularly if users remain underserved by protection mechanisms,” said Kaya and Duo Security’s Jacob Rickerd within the report.

A large portion of those are benign ad streams, resulting in ads like Macy’s, Dell, or Best Buy,” the report found. “Some of those ads might be considered legitimate; however, 60 to 70 percent of the time a redirect occurs, the ad streams reference a malicious site.

The Hacker Journal Recommends that do not add extensions that are not important for your privacy.

Add a Comment

Your email address will not be published. Required fields are marked *