Govt’s cyber security agency says over 100 malicious Chrome extension removed, asks users to be cautious
The agency CERT-In advised Internet users to only install extensions which are absolutely needed and refer user reviews before doing so.
The Computer Emergency Response Team of India (CERT-In) has advised internet users to exercise caution while installing Google Chrome extensions.
The company said that it removed over 100 malicious extensions after they were found collecting sensitive user data. CERT-In also said that it found these extensions contained code to bypass Google Chrome’s Web store security scans.
CERT-In comes under the Ministry of Electronics and Technology and deals with cyber security threats.
The malicious extensions had the ability to take screenshots, read the clipboard, harvest authentication cookies or grab user keystrokes to read passwords and other confidential information, said the agency.
The agency advised Internet users to only install extensions which are absolutely needed and refer user reviews before doing so.
Last month, researchers had said that spyware effort attacked users through 32 million downloads of extensions to Google’s Chrome web browser. Google had said that it removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers.
Most of the free extensions purported to warn users about questionable websites or convert files from one format to another. Instead, they siphoned off browsing history and data that provided credentials for access to internal business tools.
In January this year, Google had suspended all the commercial extensions in the wake of a significant increase in the number of fraudulent transactions that aim to exploit users.
Malicious developers have been using Google’s Chrome Store as a conduit for a long time.