Thanks to the work of the researchers at Reason Labs it was possible to identify three Chrome extensions harmful.
These, cleverly disguised as VPN and at first glance completely legitimate, they were installed on 1.5 milioni in browser all over the world. These add-ons, according to experts, have spread through some torrents related to counterfeit games (among which stand out GTA 5, The Sims 4 and many others). An in-depth analysis has revealed how extensions are installed on Chrome through over 1,000 different torrent files which contain the same trojan.
The installation of the malicious agent occurs when the victim tries to install the counterfeit software when, without asking the user’s consent, the extensions are installed through a Windows registry key (that is to say SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings\).
While this method is certainly not new, with some similar cases identified in 2014, it apparently has a high rate of effectiveness, given the huge number of victims recorded.
Fake VPNs and counterfeit software: the disturbing discovery from Reason Labs
The offending extensions are netSave for Chrome (which alone has 1 million installations) e netPlus per Edge. These act both as falseVPN that as systems cashback.
Once installed, the add-ons disable other cashback extensions that may be installed in your browser, then providing a fictitious interface to the user, posing as a phantom VPN to hide their illicit activities.
Data collected by Reason Labs reveals what plugins look like Russian language. This would suggest that the target of victims identified by hackers should correspond to the nations that were once part of the Soviet Union.
The researchers’ report was immediately taken into consideration by Google which promptly removed the offending extensions from Chrome Web Store.
Despite this, Research Labs wanted to raise the alarm, warning users of the strong risk they are running. In this sense, experts recommend installing only reliable extensions and coming from the Google store, as well as systematically avoiding any type of counterfeit software. Using a antivirus high level, updated periodically can offer an additional level of protection.