Today, Google Chrome holds nearly 60% market share in the world of browsers (followed by FireFox and Internet Explorer, both oscillating at around 13%). A dynamic ecosystem has developed around this market leader. This comes with both advantages and disadvantages. Today, ICEBRG’s security experts warn Chrome users against the malicious use of a series of extensions that have been downloaded more than 500,000 times!
The first one which caught their attention is HTTP Request Header, this allows intruders to click on banner ads without the computer owner’s knowledge.
Some three others, Nyoogle, Stickies and Lite Bookmarks seem to be used for similar purposes: a vast click fraud operated via simple extensions which look harmless.
Another company, Malwarebytes, has recently revealed the existence of a malicious extension that not only interferes with your computer but simply refuses to be uninstalled!
This extension is called “Tiempo en colombia en vivo”, it interacts with the browser to click on particular advertisements or intercept requests from the search engine.
The installation of “Tiempo en colombia en vivo” is caused by visits to websites which are in collusion with it. When the user leaves the site they force him/ her to download the extension. It is impossible to get rid of this extension by the classic method (deactivation proposed in a drop-down menu, which is accessible by a simple right-click on the icon of the extension). To disable “Tiempo en colombia en vivo”, it is advisable to rename a Javascript file (1499654451774.js) in the Chrome extensions folder and reload the browser. The corrupted extension (because it is renamed) will then appear in the usual list and can be deleted.
FireFox users were exposed to a similar extension, the installation this was fraudulently presented as an update of the browser. The solution here is to restart FireFox in safe mode to be able to find the malicious extension (FF Helper Protection) and get rid of it.
This is not the first time that we talk about the risks of potential intrusion via extensions or via the execution of Javascript codes in browsers. Due to the recent revelations of possible exploitation via the vulnerabilities, Meltdown and Spectre, Google has announced the update of its Chrome browser, with the release of its 64 version on January 23rd. Apple has also updated its Safari browser.
Looking for a browser that takes security as its top priority? Try URbrowser, which allows you to control the level of privacy of your browsing.