Google has removed more than 500 malicious Chrome extensions from its official Web Store, according to a report that followed a two-month investigation by security researcher Jamila Kaya and the Duo Security team at Cisco.
The extensions were found to be part of a large fraudulent advertising network that injected adware into browsers and pulled browsing data while trapping users in redirect cycles.
In some cases the advertisements diverted users to websites belonging to big names like Dell and Best Buy, but most of them took users to malware download and phishing pages.
“We appreciate the work of the research community, and when we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” said a Google spokesperson.
Such removals would likely impact millions of users. According to Duo, its initial investigation found that the extensions it discovered had been downloaded by approximately 2 million people; however, Google’s subsequent action, based on Duo’s findings, increased that figure dramatically.
It’s not clear exactly how many people installed these extensions, but if you try an extension and it doesn’t work anymore, that might be the reason why.
Security researchers have found over the years that scammers and fraudsters have increasingly used browser extensions for planting malware and running other malicious campaigns.
Although these extensions have been removed from the Chrome Web Store, hackers could still target browser extensions. Security researchers advise users to check the browser extensions they are using, delete expired extensions, and report unknown extensions.