Security researchers at Reason Labs discovered three malicious Chrome web extensions that were installed on 1.5 million installations of the web browser. Distributed via torrents, these extensions acted as legitimate VPN extensions on first glance.
The extensions appear to have been spread via torrent files of popular video games. Reason Labs mentions Grand Theft Auto, The Sims 4, Heroes 3 and Assassins Creed torrents specifically, but there may have been other games. It found the trojan installer in over 1000 different torrent files that promised access to commercial games.
The downloaded setup files had a size between 60MB and 100MB. One common signee name was Spice & Wok Limited, but there have been others as well.
When the installer gets executed on the user's device, it unpacks one of the three malicious extensions on the system and installs it in the browser without user interaction. The extension is installed via a Windows Registry key, SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings\.
A method to install extensions in Chrome that bypasses users entirely is not new. Back in 2014, security researchers discovered a method to install Chrome extensions without any user interaction.
Two different extensions, netSave for Chrome and netPlus for Microsoft Edge, do get installed on the user's system. The malicious Chrome extension was installed 1 million times according to the researchers.
The JavaScript code has more than 20,000 lines according to the researchers, which makes it difficult to analyze. The researchers discovered that it runs a fake VPN and what they call a cashback activity hack.
Once the extension is installed, it will disable other cashback extensions that may be installed in the infected web browser. It also delivers a fake VPN user interface to hide its true intentions from the user.
The extensions are in Russian and they appear to target Russian speaking regions and users, including Russia, the Ukraine or Kazakhstan.
Reason Labs informed Google about the malicious extensions. Google has removed the extensions in the meantime from the Chrome Web Store.
Chrome and Edge users who download torrent files may want to check the list of installed extensions in the browser to make sure that these extensions are not installed on their devices.
Research Labs notes that the developer of the extensions seems to have created other extensions. The company recommends that users installed extensions, games and programs from legal and legitimate sources only. It also recommends running up-to-date antivirus software, avoid clicking on unknown links or popups, and to enable two-factor authentication wherever possible.
Additional information, including technical details, can be found on the ReasonLabs website.
Now You: do you use browser extensions?
Nearly two billion people across the world suffer from a blood condition called anemia. People living with anemia have a lower than average number of
Barely a few months ago, Wall Street’s big bet on generative AI had a moment of reckoning when DeepSeek arrived on the scene. Despite its heavily cens
As AI tools improve, we keep getting encouraged to offload more and more complex tasks to them. LLMs can write our emails for us, create presentations
OpenAI has released its GPT‑3.5 Turbo API to developers as of Monday, bringing back to life the base model that powered the ChatGPT chatbot that took
Google is steadily rolling out contextual improvements to Gemini that make it easier for users to derive AI’s benefits across its core products. For e
If you are an Android user wanting to avoid Google Gemini as your default digital assistant, you’re in luck! The latest beta version of ChatGPT allows
Windows 11 has support for voice commands like “Open Edge” largely for accessibility purposes but with the latest Insider preview build, it’s taking a
Meta wants a piece of the pie — a big piece — when it comes to generative AI. As part of its long-term strategy to embed itself in every part of our l
We are a comprehensive and trusted information platform dedicated to delivering high-quality content across a wide range of topics, including society, technology, business, health, culture, and entertainment.
From breaking news to in-depth reports, we adhere to the principles of accuracy and diverse perspectives, helping readers find clarity and reliability in today’s fast-paced information landscape.
Our goal is to be a dependable source of knowledge for every reader—making information not only accessible but truly trustworthy. Looking ahead, we will continue to enhance our content and services, connecting the world and delivering value.
