
These 350 Chrome Extensions Are Hacking You: Delete Them Now

Browser extensions make it possible to add functions that are not available by default, and with the right ones a browser becomes much more useful than it is out of the box. However, extensions can also be a major source of malware infections, since hackers are constantly looking for new ways to attack users. Some campaigns, like the one that has just come to light affecting Google Chrome, are especially worrying.

The security firm Zimperium has just revealed a new family of malware for Windows that has been named ABCsoup. As its security researchers explain, this malware was hidden inside Chrome extensions that were capable of evading all of Chrome's security systems, the Google store, and even the most professional Windows antivirus solutions.

Typically, these extensions were not distributed through the Chrome Store. Instead, hackers spread them over the Internet hidden inside other programs, and opening those programs copied the extension into Chrome. It did not raise suspicion because it used the same ID as another popular extension: Google Translate (aapbdbdomjkkjkaonfhkkikfgjllcleb). For Chrome, and for security firms, this is a trusted extension, but in reality it carried a dangerous threat inside. Also, if the user already had the Google Translate extension installed, the malware deleted it to take its place.


Once installed, the extension would start showing ads to users based on their interests. It is also capable of creating fingerprints to track all activity, and even of injecting JavaScript into websites to monitor what you type. Its main target, however, is the Russian public: it monitors the use of social networks in that country and, if the user enters one of them, collects all kinds of personal data, such as name, surname, date of birth and gender. All of this data is sent to an external server.

Identify extensions with adware in Chrome

If it’s such a well-organized malware campaign, how can I tell if I’m infected? As we have said, all extensions that have this adware use the same ID as the Google Translate extension. Therefore, we simply have to open the Chrome extensions panel by typing “chrome://extensions/” in the address bar, and search for the extension ID, in this case: “aapbdbdomjkkjkaonfhkkikfgjllcleb”.


If the Google Translate extension appears, in principle we do not have to worry, since it is the original (although, just in case, we can delete it to make sure). If a different extension appears with this ID, then we have been infected by this malware.
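One way to automate the check above, as an added example that is not from the original article: it reads a Chrome profile's `Preferences` and `Secure Preferences` files and reports why the entry for the Google Translate ID does not look like a Web Store install. The `extensions.settings` layout and the `from_webstore` and `location` fields are assumptions about Chrome's profile format, and the sample entries are constructed.

```python
import json
import sys
from pathlib import Path

# ID quoted in the article: the genuine Google Translate ID that ABCsoup reuses.
TARGET_ID = "aapbdbdomjkkjkaonfhkkikfgjllcleb"
WEBSTORE_LOCATION = 1  # assumed: Chrome's value for a normal Web Store install

# Constructed sample entries (not real profile data).
SAMPLE_GENUINE = {"from_webstore": True, "location": 1,
                  "manifest": {"name": "Google Translate"}}
SAMPLE_SIDELOADED = {"from_webstore": False, "location": 4,
                     "path": "C:\\Users\\example\\AppData\\Local\\placeholder",
                     "manifest": {"name": "Example Helper"}}

def assess_entry(entry):
    """Return reasons why an extensions.settings entry looks unlike the store install."""
    reasons = []
    name = entry.get("manifest", {}).get("name", "")
    if "google translate" not in name.lower():  # assumes an English-locale profile
        reasons.append(f"unexpected name: {name!r}")
    if entry.get("from_webstore") is not True:
        reasons.append("not marked as installed from the Web Store")
    if entry.get("location") != WEBSTORE_LOCATION:
        reasons.append(f"install location is {entry.get('location')!r}")
    return reasons

def scan_profile(profile_dir):
    """Map each preferences file containing TARGET_ID to its list of reasons."""
    findings = {}
    for fname in ("Preferences", "Secure Preferences"):
        path = Path(profile_dir) / fname
        try:
            prefs = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # file missing, unreadable or not JSON
        if not isinstance(prefs, dict):
            continue
        settings = prefs.get("extensions", {}).get("settings", {})
        if TARGET_ID in settings:
            findings[fname] = assess_entry(settings[TARGET_ID])
    return findings

if __name__ == "__main__":
    profile = sys.argv[1] if len(sys.argv) > 1 else "."
    for fname, reasons in scan_profile(profile).items():
        print(fname, "->", "looks genuine" if not reasons else "; ".join(reasons))
```

An empty result means the ID is not present in that profile; any listed reason is a prompt to inspect the extension in “chrome://extensions/” by hand, not proof of infection on its own.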

In this case, our recommendation is to delete the extension as soon as possible and completely clean the browser. We should also scan the entire PC with an antivirus, and take the opportunity to change all the passwords of the websites where we are registered, since they will be in the hands of hackers.
