According to a recent report, a new malicious Google extension lets apps spy on its users' activities by granting root permissions. Security researchers at Malwarebytes have analysed the malvertising campaign, which targeted the Google Chrome browser and made users install a rogue extension named iCalc.
As you might have already guessed, iCalc is an ‘ordinary’ calculator that was downloaded more than a thousand times before it was removed from the official Google Store.
Jérôme Segura, senior security researcher at Malwarebytes, noted that cyber criminals are increasingly using Chrome and other browser extensions as an entry point to infect computers.
“One of the main points of entry is via rogue browser extensions which are increasingly becoming a problem and are being leveraged in various types of attacks including data theft, spying, pop-up ads and more. Even though the surface of attack is smaller than that of a typical Windows PC, online crooks will always find a way to abuse the system.”
Even people who are not security professionals could have noticed the malicious nature of the iCalc extension: it lacked appropriate screenshots and good reviews on the market, and it demanded an absurd number of permissions for a calculator app.
The permissions included “read and change” access to all website data, which means that the attackers used malicious scripts and created a proxy to intercept the packets and traffic of an unaware user.
Similar extensions are often spread via social networking websites such as Facebook. Cyber crooks attract visitors by sharing a link to nude content or fake viral news, and the link occasionally redirects users to an extension installation page.
Most people, after installing an extension, forget about its existence and never look back at it to check on its activities.
So why did cyber criminals need iCalc? The answer is simple: adware. According to Segura, “…typical adware players are increasingly pushing rogue extensions using techniques including offering free coupons, recipes and even video content. Often their motivation is to harvest your browsing habits and resell them to marketing companies to target you with ads.”
- Don’t download an extension unless you absolutely need it
- Always check what permissions it asks for
- Pay attention to reviews and screenshots
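
The permission check in the second tip can be scripted against an extension's `manifest.json`. The following is an added example, not code from the original article or from Malwarebytes; the function name, the list of flagged permissions and the sample manifest are assumptions made for illustration, and the sample is constructed rather than taken from iCalc.

```python
import json

# Host match patterns that grant access to every site, which Chrome
# surfaces as a "read and change all your data" warning at install time.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# API permissions relevant to traffic interception or habit harvesting.
SENSITIVE_APIS = {
    "proxy": "can route browser traffic through a proxy",
    "webRequest": "can observe network requests",
    "webRequestBlocking": "can modify or block requests",
    "history": "can read browsing history",
    "tabs": "can read URLs of open tabs",
    "cookies": "can read and set cookies",
}


def audit_manifest(manifest_text):
    """Return a sorted list of (item, reason) findings for one manifest.json."""
    manifest = json.loads(manifest_text)
    requested = set()
    # Manifest V2 mixes hosts into "permissions"; V3 uses "host_permissions".
    for key in ("permissions", "optional_permissions", "host_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts get page access through their own match patterns.
    for script in manifest.get("content_scripts", []):
        requested.update(script.get("matches", []))

    findings = []
    for item in requested:
        if item in BROAD_HOSTS:
            findings.append((item, "read and change data on all websites"))
        elif item in SENSITIVE_APIS:
            findings.append((item, SENSITIVE_APIS[item]))
    return sorted(findings)


# Constructed sample: a "calculator" asking for far more than it needs.
# This is NOT the real iCalc manifest.
SAMPLE_MANIFEST = """{
  "name": "Example Calculator", "version": "1.0", "manifest_version": 2,
  "permissions": ["storage", "proxy", "webRequest", "<all_urls>"],
  "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]
}"""

if __name__ == "__main__":
    for item, reason in audit_manifest(SAMPLE_MANIFEST):
        print(f"{item}: {reason}")
```

A calculator that only needs `storage` produces no findings; any hit on a broad host pattern or on `proxy` is worth questioning before installing.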