Half a million Chrome users have been using a couple of malicious extensions to their browsers, according to reports.
Researchers from security firm Icebrg detected four malicious extensions: Change HTTP Request Header, Nyoogle, Lite Bookmarks and Stickies. Between them, the extensions have been downloaded half a million times.
Change HTTP Request Header is, according to the duo, a legitimate feature which hides the browser type from being tracked. However, it downloads “a JSON blob from the ‘change-request[.]info’ and that blob pushes a configuration update. Only then does an obfuscated JavaSript gets pulled in from the control domain.
Google has removed the extensions from the Chrome Store.
“The total installed user base of the aforementioned malicious Chrome extensions provides a substantial pool of resources to draw upon for fraudulent purposes and financial gain," the report added.
"The high yield from these techniques will only continue to motivate criminals to continue exploring creative ways to create similar botnets. It should be noted that although Google is working to give enterprises more options for managing Chrome extensions, without upstream review or control over this technique, malicious Chrome extensions will continue to pose a risk to enterprise networks."
Image Credit: JMiks / Shutterstock