Don't Let Your Users Download Malicious Chrome Extensions


Here's a relatively "innocent" example of this risk. The ‘AdBlock’ and ‘uBlock’ extensions look just like legitimate Chrome extensions but instead engage in cookie stuffing to defraud affiliate marketing programs, a researcher has found.

Google has removed two malicious ad blockers from its Chrome Web Store after a researcher discovered they were carrying out ad fraud and deceiving Chrome users by using the names of legitimate and popular blockers.

Researcher Andrey Meshkov from rival ad blocker maker AdGuard discovered that the extensions “AdBlock” and “uBlock” found in the store were fraudulent and alerted users in a blog post. Rather than legitimately block ads on websites (the obvious purpose of this type of browser extension), the malicious blockers perform what’s called “cookie stuffing,” Meshkov said.

In this technique, which has been used since the internet’s early days, a website or browser extension adds extra information to a user’s cookie so it looks like more people clicked on an affiliate ad than actually did. Cybercriminals use cookie stuffing to win money through ad fraud.

By using fake ad blockers, cybercriminals can earn commission on purchases made on sites stuffed with the cookies, Meshkov said. What makes this type of ad fraud especially hard to prevent is that users downloading fraudulent ad blockers find it difficult to tell them apart from legitimate ones, he said.

A much more malicious form of this is social engineering users into downloading Trojans and other backdoors via sideloading, or potentially via a site that looks just like the Chrome Web Store. We strongly recommend locking down Chrome and whitelisting only the allowed extensions. Full story at ThreatPost.
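One way to check endpoints against such a whitelist, as an added example that is not part of the original post or the researcher's work: the script below audits a Chrome profile's `Extensions` directory by extension ID and flags installs that reuse an approved extension's name under a different ID, which is how the fake “AdBlock” and “uBlock” presented themselves. The allowlist IDs are constructed placeholders, the function names are hypothetical, and the sample profile is generated for the demonstration.

```python
import json
from pathlib import Path

# Constructed allowlist (extension ID -> approved display name). The IDs are
# placeholders in Chrome's 32-character a-p format, not real store IDs.
ALLOWLIST = {"a" * 32: "AdBlock", "b" * 32: "uBlock Origin"}

def normalize(name):
    """Fold case and drop punctuation/spaces so 'Ad-Block' matches 'AdBlock'."""
    return "".join(ch for ch in name.lower() if ch.isalnum())

def classify(ext_id, name, allowlist):
    """Return 'allowed', 'lookalike' or 'unapproved' for one extension."""
    if ext_id in allowlist:
        return "allowed"  # identity is the ID, never the display name
    norm = normalize(name)
    for approved in map(normalize, allowlist.values()):
        # Same or truncated name under a different ID: likely impersonation.
        if norm and (approved.startswith(norm) or norm.startswith(approved)):
            return "lookalike"
    return "unapproved"

def audit_profile(extensions_dir, allowlist=ALLOWLIST):
    """Scan <profile>/Extensions/<id>/<version>/manifest.json files."""
    findings = {}
    for manifest in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        try:
            name = json.loads(manifest.read_text(encoding="utf-8")).get("name", "")
        except (OSError, ValueError, AttributeError):
            name = ""  # unreadable or malformed manifest: still reported by ID
        findings[ext_id] = classify(ext_id, str(name), allowlist)
    return findings

def build_sample_profile(root):
    """Write a constructed Extensions directory for demonstration."""
    samples = {"a" * 32: "AdBlock", "c" * 32: "uBlock", "d" * 32: "Weather Tab"}
    for ext_id, name in samples.items():
        version_dir = Path(root) / ext_id / "1.0.0_0"
        version_dir.mkdir(parents=True)
        manifest = {"manifest_version": 3, "name": name, "version": "1.0.0"}
        (version_dir / "manifest.json").write_text(json.dumps(manifest))
    return root

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, verdict in audit_profile(build_sample_profile(tmp)).items():
            print(ext_id, verdict)
```

Localized manifest names (the `__MSG_...__` form) are not resolved here, so such extensions are judged by ID only and land in `unapproved` unless allowlisted.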

Discover dangerous look-alike domains that could be used against you!

Our Domain Doppelgänger tool makes it easy for you to identify your potential “evil domain twins” and combines the search, discovery, reporting, and risk indicators, so you can take action now.

Better yet, with these results you can now generate an online assessment test to see what your users are able to recognize as “safe” domains for your organization. You then receive a summary of the test results to understand how security-aware your users are when it comes to identifying potentially fraudulent or phishy domains.

With Domain Doppelgänger, you can:

  • Search for existing and potential look-alike domains
  • Get a report with aggregated results that includes risk indicators, and
  • Generate an online “domain safety” quiz based on the results to administer to your end users

This is a complimentary tool and will take only a few minutes.

Domain Doppelgänger helps you find the threat before it is used against you.
