Google Warns Chrome Browser Users NOT To Activate Any Of These 500 Extensions

Google has warned Chrome users not to activate over 500 extensions due to fraudulent transactions targeted at users. On January 20, it was reported that Google had confirmed that the publication or update of all paid-for extensions in the Chrome Web Store had been temporarily suspended.

The reason was cited as being a significant increase in the number of fraudulent transactions attempting to defraud users. Things have just got a lot worse, or a lot better, depending on whether you’re a glass-half-empty or half-full person: a total of 500 Chrome web browser extensions have been identified, and deactivated, that were stealthily uploading user data.

Researchers say the malicious campaign executed by these 500 Chrome extensions was operational since at least January 2019 but could date back as far as 2017.

Digging into Chrome web browser extension fraud

The fraud campaign was unearthed in a joint operation between Cisco’s Duo Security team and an independent security researcher, Jamila Kaya. They initially discovered that 70 Chrome web browser extensions, which had been installed by at least 1.7 million users, were obfuscating malicious advertising functionality from those unknowing users. The scam methodology involved redirecting the browser to a whole bunch of domains, and then on to one of a number of malicious control servers that directed the fraud itself. This involved providing different locations to which private user browsing data should be uploaded and lists of advertisements to be fed to the browser.

According to the report, authored jointly by Jamila Kaya and Duo Security information security engineer Jacob Rickerd, this primary malicious behavior resulted in users regularly getting fed new redirector domains leading to both “benign” and illegitimate advertising streams. Even though most of the ad streams fed to those users who had installed any of these Chrome web browser extensions were from “genuine” advertisers, the researchers said that what differentiated them as being malvertising ad fraud was “the large volume of ad content shown, the fact that the user does not see many if not the majority of these ads, and the fact that malicious third-party actors are actively using these streams to redirect the user to malware and phishing.”
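One way to look for the redirector-to-control sequence described above in web proxy logs, as an added example that is not code from the Duo Security report or from Google. The log format, the 30-second window and the `.example` domains are constructed assumptions; real indicators would be loaded from the published report.

```python
from datetime import datetime, timedelta

# Constructed placeholder indicators, keyed by domain -> category.
IOC = {
    "redirector-a.example": "redirector",
    "redirector-b.example": "redirector",
    "control.example": "control",
}
WINDOW = timedelta(seconds=30)  # assumed gap allowed between the two stages

# Constructed proxy log, sorted by time: ISO timestamp, client IP, requested host.
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 news.example
2024-01-01T10:00:02 10.0.0.5 redirector-a.example
2024-01-01T10:00:03 10.0.0.5 REDIRECTOR-B.example.
2024-01-01T10:00:05 10.0.0.5 cdn.control.example
2024-01-01T10:01:00 10.0.0.9 redirector-a.example
2024-01-01T10:09:00 10.0.0.9 control.example
2024-01-01T10:10:00 10.0.0.7 notcontrol.example
"""

def classify(host):
    """Return the IOC category of host or any parent domain, else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        # Match on label boundaries so "notcontrol.example" is not a hit.
        category = IOC.get(".".join(labels[i:]))
        if category:
            return category
    return None

def find_chains(log_text):
    """Flag clients that reach a control domain shortly after a redirector."""
    last_redirect = {}  # client -> (time, host) of most recent redirector hit
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, host = parts
        when = datetime.fromisoformat(ts)
        category = classify(host)
        if category == "redirector":
            last_redirect[client] = (when, host.lower().rstrip("."))
        elif category == "control" and client in last_redirect:
            seen, via = last_redirect[client]
            if when - seen <= WINDOW:
                findings.append((client, via, host))
    return findings
```

A lone hit on a redirector or control domain is not reported here; only the ordered pair inside the window is, which keeps stale or coincidental lookups out of the findings.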

Google responds quickly to mitigate against the threat from these malicious Chrome extensions

Once the researchers had reported their findings to Google, things escalated somewhat. The Google security team went on to identify an additional 430 Chrome web browser extensions involved. These, along with the original 70 extensions, were then removed from the Google Chrome Web Store. This is to be expected, as Google has proven to be taking a very proactive stance when it comes to matters of security.

A Google spokesperson said that “when we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.” The spokesperson also told the Duo Security researchers that Google executes “regular sweeps to find extensions using similar techniques, code, and behaviors, and take down those extensions if they violate our policies.”

Do NOT reactivate any of these extensions

