"Researchers Discover Two Dozen Malicious Chrome Extensions"

Researchers at the security vendor Cato Networks discovered two dozen malicious Google Chrome browser extensions. They also found 40 malicious domains associated with the extensions that are being used to inject adware, steal credentials, and redirect victims to malware distribution sites. According to the researchers, the extensions were found on networks belonging to hundreds of the vendor's customers, and endpoint protection tools and threat intelligence systems were not flagging them. The extensions pose significant threats to enterprises because security researchers have discovered them performing malicious activities such as stealing usernames and passwords, stealing financial data, and more.

Cato Networks says its researchers analyzed five days of network data collected from customer networks to try to identify whether the extensions communicate with command-and-control (C&C) servers. Network traffic was correlated with extension behavior to make a preliminary classification of each extension as benign or malicious. As a result, the company identified 97 out of 551 unique extensions as likely to be malicious. In the next phase of the research, each extension was manually inspected to determine whether it was truly malicious or benign. The manual inspection identified 85 malicious extensions, 24 of which had not previously been classified as malicious.

This article continues to discuss the recent discovery of 24 malicious Chrome extensions and 40 malicious domains, the risks posed by such extensions, and four different approaches used by threat actors to introduce malicious extensions into users' browsers.

Dark Reading reports "Researchers Discover Two Dozen Malicious Chrome Extensions"
