More than 180K Chrome users have installed ad-injecting extensions

Share this article:
Happy New Year: Who are you?
Happy New Year: Who are you?

More than 180,000 Google Chrome users have installed at least one of a dozen ad-injecting extensions that are serving up spam on 44 different websites, according to findings by the threat and research analysis team with Barracuda Labs.

As of Jan. 30, the “logo quiz game” extension has been installed by nearly 82,000 users, and “counter strike cs portable” extension has been installed by about 27,000 users, according to a Monday post by Jason Ding, research scientist with Barracuda Labs.

Some of the more popular websites impacted by the extensions include youtube.com, yahoo.com, msn.com, imdb.com, myspace.com, and disney.go.com, Ding wrote, explaining all extensions had been served up on the Chrome Web Store directly.

“When users try to download the extensions from the Chrome Web store, it will ask for ‘Access data to all websites' permissions before users can download and install them,” Ding said in an email to SCMagazine.com on Tuesday. “Once granted these permissions, JavaScript codes are sitting behind users' browsers, and these extensions are available at users' Chrome address.”

Ding then delivered the bad news. “The JavaScript code downloaded has a URL point to an outside JavaScript hosted at www.chromeadserver.com [that] will be executed whenever users are browsing a webpage,” he said.

As a result, ads are injected into the websites, sometimes filling in empty spaces on the page, Ding said, adding the JavaScript is solely for spam, only operates in Chrome browsers and does not impact other parts of the user's system.

Ding said that Google has since removed the ad-serving extensions, but suggested the internet company tighten its review policies because, as it stands now, all a spammer has to do is change some names in order to serve up the bad extensions again.

Google is aware there is an issue.

One recent action taken by the Chrome developer involves forcing a prompt to alert Windows users that their Chrome settings may have been altered without their knowledge, or hijacked, according to a Friday post by Linus Upson, vice president of engineering with Google.

Clicking “Reset” will disable any extensions, apps and themes, Upson explained, adding that users can reactivate those features later as they see fit.

Those who have already installed the bad extensions will remain impacted until the threat is eliminated, Ding said, suggesting that users take care when installing extensions by checking reviews, ratings and developer information.

“Do not grant excessive permissions to plug-ins,” Ding said. “Use some common sense to determine whether these requirements are suspicious or not.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.

PCI publishes guidance on security awareness programs

PCI publishes guidance on security awareness programs

The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.