Google has had a nagging problem with Chrome browser extensions, which the well-funded search-engine giant clearly does not properly screen before allowing them in the Chrome Web Store. "The extensions' backdoors are well-hidden and the extensions only start to exhibit malicious behavior days after installation, which made it hard for any security software to discover," Avast said. No matter who the user is, the extensions wait a while before doing anything dodgy. Avast said the extensions can tell whether the user might be a web developer or a security researcher by analyzing traffic and, if so, then won't perform any malicious activities. The extension designers took great care to avoid suspicion, which may indicate that their ultimate goal might be more than just ad fraud and search-engine redirection. Worse, the extensions have the power to "download further malware onto a user's PC," Avast said. "The actors also exfiltrate and collect the user's birth dates, email addresses, and device information, including first sign-in time, last login time, name of the device, operating system, used browser and its version, even IP addresses (which could be used to find the approximate geographical location history of the user)," the Avast report said.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |