More than three million Google Chrome users have been issued a warning about 16 browser extensions that have been compromised by hackers.
Cybersecurity experts urged users to delete them now after finding  criminals injected malicious codes into the software.
This allows hackers to steal user data and commit ‘search engine fraud’ – the scam of driving clicks to hacker-controlled websites for ad revenue.
The list of compromised Chrome extensions includes Blipshot, Emojis, Color Changer for YouTube, Video Effects for YouTube and Audio Enhancer, Themes for Chrome and YouTube Picture in Picture, and Mike Adblock for Chrome, Super Dark Mode, and Emoji Keyboard Emojis for Chrome.
Other compromised extensions are Adblocker for Chrome, Adblock for You, Adblock for Chrome, Nimble Capture, KProxy, Page Refresh, and Wistia Video Downloader.
The GitLab Threat Intelligence team discovered the scheme and noted that Chrome has removed these extensions from its Web Store. Users who have downloaded these extensions will need to manually delete them.
The best way to avoid a hijacked browser extension is to vet the programs you’re installing on your computer and read any reviews which warn about potential dangers.
This includes checking what ‘permissions’ an extension is asking for, meaning which files or devices is the program looking to access with the user’s blessing.
Researchers have uncovered 16 Chrome extensions that have been hacked and need to be deleted by anyone who installed them
Chrome itself doesn’t support extensions on Android phones, limiting the scope of the threat to those installing these programs on their computers.
Unlike typical apps and extensions built by hackers from scratch, these Chrome extensions were actually taken over by cyber criminals using phishing attacks on developers.Â
In some instances, the creators of the extensions were tricked into transferring control of their inventions willingly.
Once the hackers had control, they were able to inject malicious updates into the extensions, meaning anyone who installed them had already opened the door to a future cyber attack.
Notebookcheck explained that, ‘All these changes remained unnoticed by users who had earlier granted permissions to these extensions, which allowed attackers to manipulate web activity in real-time.’
The team at GitLab Threat Intelligence also noted that all of these extensions had one concerning thing in common – the permissions they requested access to.
All of the hacked Chrome extensions used permissions which allow them to interact with any website the victims visit.
This allowed them to inject those websites with malicious code as well. Simply put, the Chrome add-ons traveled along with the Google users, potentially spreading the hacker’s code everywhere they browsed the web.
Before installing a new browser extension, you should read any feedback about the program to see if other users have encountered malware or other problems
Tech experts say the threat endangers the digital security of approximately 3.2 million people, with these extensions doing everything from ad blocking to enhancing YouTube
Tech experts at Tom’s Guide explain that while browser extensions can make the internet more convenient to use, they’re not as popular as many of the apps on a smartphone.
Extensions like ad blockers are often created by smaller companies or even individual programmers, making it really hard to know if the extension you want to install is legitimate.
The team at Tom’s recommends that Chrome users carefully read through the permission settings of any extensions they want to install.
Also, read the program’s reviews to see if previous users have encountered problems or suspicious activity.
GitLab Threat Intelligence revealed that several users of these 16 hijacked extensions warned others to avoid installing them after the programs hacked their browsers.
‘The threat actor’s abuse of trusted software distributors and the reputation of the Chrome Web Store also helped to make this attack more effective,’Â GitLab Threat Intelligence added.
The attack targeting legitimate extension developers with phishing schemes comes after a recent warning to billions of Google email users.
An advanced phishing tool is allowing hackers to steal a victim’s web security details in real-time, fooling the target into thinking they’ve logged into their accounts normally by sending them to a phony webpage which looks just like their browser.
James Knight, a cyber warfare expert with 25 years of experience, told DailyMail.com that everyone needs to have a spam filter active on their accounts to block these phishing emails.
Additionally, suspicious emails directing you to click on a link should be deleted right away if they don’t end up in your spam folder.
According to the FBI, phishing schemes were the most frequently reported form of internet crime in 2023, making up nearly one-third of all cyber crimes that year.
Along with deleting these extensions and checking the permissions on the ones you’re keeping, tech experts urge anyone who installed these programs to use antivirus software to scan their computers for signs of malware or other viruses.
