Dozens of malware programs disguised as extensions for Google Chrome and Microsoft Edge have been unmasked and detailed by digital security company Guardio Labs. The programs have already been removed from the internet, but they totaled 1 million downloads before action was taken against them.
The malicious programs in question posed as Chrome and Edge customization extensions, meant to bring more colors and themes to the browsers. What they actually did was download scripts to take over users' searches and gain the ability to add their own affiliate links to the websites visited.
The malware described in this post first reaches the victim's computer through routes that avoid the official stores: for example, advertisements on websites the person visits that offer some service in exchange for installing the extension. Once installed, the supposed extensions accessed various "hidden" pages to download malicious scripts.
What these "extensions" do is add results to your searches that are actually ads, generating revenue from impressions and from the sale of search data. They also altered the URLs of online store websites, turning any purchase you make there into a commission for the malware authors.
Could have been worse
None of these actions directly harms the user; at most, there is a delay in accessing sites. But the Guardio team explains that the same mechanism could be used for more malicious purposes.
For example, instead of altering the URL to add affiliate links, the malware could redirect the user to a cloned page for phishing. You would go to your bank's website and the malware would redirect you to another page that looks the same but is fake, where anything you enter, such as your username and password, can be stolen.
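A defender can look for both behaviors described above, the added affiliate parameters and the redirect to a different site, by comparing the URL a user intended to visit with the URL the browser actually loaded. The following is an added example, not code from Guardio Labs or from the extensions; the URLs, the parameter names and the function names are constructed for illustration.

```javascript
// Constructed sample data: [URL the user clicked or typed, URL actually loaded].
const SAMPLE_NAVIGATIONS = [
  ["https://shop.example/item/42", "https://shop.example/item/42"],
  ["https://shop.example/item/42?color=red",
   "https://shop.example/item/42?color=red&aff_id=XYZ123"],
  ["https://bank.example/login", "https://bank-example.invalid/login"],
  ["https://shop.example/cart?ref=newsletter",
   "https://shop.example/cart?ref=partner77"],
];

// Compare intended and loaded URLs and describe what was altered.
function classifyRewrite(intended, loaded) {
  const a = new URL(intended);
  const b = new URL(loaded);
  // Host differs: the user ended up on another site (the phishing-style case).
  if (a.hostname !== b.hostname) {
    return { verdict: "host-changed", detail: [`${a.hostname} -> ${b.hostname}`] };
  }
  // Same host: collect query parameters that were added or overwritten
  // (the affiliate-link case). Path changes are out of scope here.
  const detail = [];
  for (const [key, value] of b.searchParams) {
    if (!a.searchParams.has(key)) {
      detail.push(`added ${key}=${value}`);
    } else if (a.searchParams.get(key) !== value) {
      detail.push(`changed ${key}: ${a.searchParams.get(key)} -> ${value}`);
    }
  }
  return { verdict: detail.length ? "params-rewritten" : "unchanged", detail };
}

// Return only the navigations whose destination was altered.
function flagNavigations(pairs) {
  return pairs
    .map(([intended, loaded]) => ({ intended, loaded, ...classifyRewrite(intended, loaded) }))
    .filter((r) => r.verdict !== "unchanged");
}

for (const r of flagNavigations(SAMPLE_NAVIGATIONS)) {
  console.log(r.verdict, r.intended, "|", r.detail.join("; "));
}
```

Sites also add parameters to their own URLs, so a flagged navigation is a signal to investigate together with the list of installed extensions, not proof of tampering.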
Source: Tec Mundo
