Security Experts Discover Sophisticated Malware Campaign Targeting Android Users via Fake Chrome Install Pages
A security researcher has uncovered a network of Chrome extensions with hidden functionalities designed to track users and steal sensitive data. John Tuckner, a researcher at Secure Annex, identified 58 extensions, collectively installed 6 million times, that gained excessive permissions to access cookies, tokens, monitor behavior, and even run remote code.
The extensions, often disguised as privacy tools or ad-blockers, were either featured on the Chrome Web Store or hidden and unlisted. The unlisted extensions, which are not indexed by search engines, can only be accessed via direct links, often distributed through phishing schemes or malvertising campaigns.
The researcher noted that many of these extensions had alarming capabilities, including listing top websites visited, opening and closing tabs, and retrieving sensitive user information. Some were unlisted but still featured by Google, raising concerns about their legitimacy.
Tuckner discovered these extensions after noticing a pattern of suspicious behaviors, including misspelled domains and excessive permissions for basic functions. Many extensions lacked the codebase for their claimed purpose and contained heavily obfuscated code. Tuckner believes these extensions function as spyware or information stealers.
A number of these extensions have been removed from the Chrome Web Store, but some remain. The researcher continues to monitor their status and shared a list of the most popular malicious extensions, including Cuponomia, Fire Shield Extension Protection, and Total Safety for Chrome, which all had hundreds of thousands of installs.
The key indicators of malicious activity included excessive permissions, misspelled domains, and suspicious code patterns. Tuckner’s findings highlight the risks associated with poorly regulated Chrome extensions and the need for better security measures to protect users.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
