AtomBomb
00lunedì 20 gennaio 2014 09:10
Chrome extensions being bought out by malware vendors in order to peddle malicious updates
Recently, malware vendors have been purchasing popular Chrome extensions in order to distribute malicious code, adware and malware to every user of the extension.
According to ArsTechnica, the danger lies in Chrome's 'silent updates': Google designed Chrome specifically to be smooth and noninvasive, which means silently updating browsers and extensions without a hitch. But it also means that users aren't told when ownership of an extension is transferred to another company - so they're left in the dark if a malicious vendor suddenly decides to push dangerous updates.
And as it turns out, exactly that has been happening. Adware vendors are purchasing popular extensions and subsequently pushing out silent updates filled with malicious and invasive code to users' browsers. This was experienced firsthand by the developer of the popular 'Add to Feedly' extension: A mysterious buyer approached him and offered him a four-figure sum to transfer ownership of the extension that he had developed. When he took them up on their offer, the new owners pushed out an update which pumped the extension full of adware, leaving the extension's 30,000 users at the short end of the stick with potentially compromised browsers.
This exact scenario has happened to plenty of other Chrome extension developers as well, and as its prevalence increases, users may find it difficult to properly diagnose and remove the compromised extensions. Since most virus scanners don't mark adware-filled Javascript as malicious, figuring out which extension is causing the problems may be difficult. And since Chrome syncs account data across all devices, a malicious extension downloaded on your laptop will also have to be deleted from your desktop - and your phone, tablet, and Chromebook.
The internet certainly isn't a novice to this sort of malware. A few weeks ago, Yahoo confirmed that some of the ads on its site were filled with malicious code - and even Google is aware of the issue, implementing 'malware detection' into a beta browser back in November. But as the Chrome web browser becomes more and more popular, the prevalence of folks looking to harm your computer and steal your personal information will certainly increase in turn.
About a month ago, I had a very simple Chrome extension called "Tweet This Page" suddenly transform into an ad-injecting machine and start hijacking Google searches. A quick search for the Chrome Web Store reveals several other extensions that reviewers say suddenly made a U-turn from useful extension to ad-injector. There is even an extension that purports to stop other extensions from injecting ads. Injected ads are allowed in Chrome extensions, but Google's policy states that which app the ads are coming from must be clearly disclosed to the user, and they cannot interfere with any native ads or the functionality of the website.
-----------------------------------------
In poche parole, delle aziende stanno comprando delle estensioni di Chrome per utilizzarle per distribuire pubblicitĂ , gli utenti non vengono avvisati quando un'estensione viene acquistata da un'altra persona e, siccome Chrome ha gli aggiornamenti silenziosi, non si sa neanche quando ricevono degli update.