Don't Let Your Users Download Malicious Chrome Extensions


Here's a relatively "innocent" example of this risk. The ‘AdBlock’ and ‘uBlock’ look just like legitimate Chrome extensions but instead engage in cookie stuffing to defraud affiliate marketing programs, a researcher has found.

Google has removed two malicious ad blockers from its Chrome Web Store after a researcher discovered they were carrying out ad fraud and deceived Chrome users by using names of legitimate and popular blockers.

Researcher Andrey Meshkov from rival ad blocker maker AdGuard discovered that the extensions “AdBlock” and “uBlock” found in the store were fraudulent and alerted users in a blog post. Rather than legitimately block ads on websites—the obvious purpose of this type of browser extension–the malicious blockers perform what’s called “cookie stuffing,” Meshkov said.

In this technique—which has been used since the internet’s early days–a website or browser extension adds extra information to a user’s cookie so it looks like more people clicked on an affiliate ad than actually did. Cybercriminals use cookie stuffing to win money through ad fraud.

By using fake ad blockers, cybercriminals can earn commission on purchases made on sites stuffed with the cookies, Meshkov said. What’s especially difficult in terms of preventing this type of ad fraud is that it’s difficult for users downloading fraudulent adblockers to tell the difference from legitimate ones, he said.

A much more malicious form of this is social engineering users to download Trojans and other backdoors via sideloading, or potentially a site that looks just like the Chrome Web Store. We strongly recommend locking down Chrome and whitelist the only allowed extensions.  Full story at ThreatPost.

Discover dangerous look-alike domains that could be used against you! 

Since look-alike domains are a dangerous vector for phishing attacks, it's top priority that you monitor for potentially harmful domains that can spoof your domain.

Our Domain Doppelgänger tool makes it easy for you to identify your potential "evil domain twins" and combines the search, discovery, reporting, risk indicators, and end-user assessment with training so you can take action now.

DomainDoppelgangerResults-1Here's how it's done:

  • Get detailed results of look-alike domains found similar to your primary email domain
  • You can now quiz your users with your look-alike results
  • Get a summary PDF that contains an overview of the look-alike domains and associated risk levels discovered during the analysis
  • It only takes a few minutes to discover your “evil domain twins”!

Find Your Look-Alike Domains!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews