Internet Browsers are taking a major role in our daily life , as we are become a internet addict users. Not only the browsers, we are become addict to use the other online services such as Facebook, Gmail, Amazon and some Cloud storage apps. Storing or sharing our most important data on this kind of online services is not a good practice. It becomes the worst practice while you are using these services with zero security.
Peoples are unaware that using online services without security can let hackers to hack you with minimal efforts. As Google Chrome extension from which many users are become infected let hackers to have full control on your data. A 19 years old Computer Science student at Swiss Federal Institute of Technology in Switzerland, found a security hole in Chrome web store that allow hackers to upload malware laced extension. Now a days bogus age verification extension infecting the chrome user.
What These Type Of Malware Laced Extension Can Do?
These type of malware laced extension work behind the eyes, so it is not easy to determine that what\s going wrong with our system. A malware laced extension named “Viral Content Age Verify” is a third party extension that infect chrome users. This extension let the hacker to steal and changes the data of website that you have visited, it also steal and read out your emails. This extension is also used to steal the login credentials of your personal accounts.
How Kjaer Discover This Malware Laced Extension?
Kjaer said in his blog post that, when i become to see my news feed on my Facebook Account. I have noticed that one of my was regularly liking some weird, lewd, clickbaity links. As clickbaity contents are not much common on Facebook i was surprised to see that every post that my Friend is liked have 900+ likes while on the other hand the page behind this type of posts have only 30 likes. Another thing that i have seen which is that every post on that page is posted more then 25 times.
I clicked on a creepy content and i was able to see a pop up message that ” verify your age before view the content”. For the age verification it required to install a chrome extension.
i decided to install that extension and begin to have a look inside it. This extension is provided by the viralands.com. I have seen that there were 9 more extension that is removed now. But at that time when i seen extensions had a total of 132,265 users, Kjaer said.
What Kjaer Founds In Malware Laced Extension?
Kjaer just started to look inside that extension and found it\s manifest.json file that contains the metadata of any extension. Metadata means the version of extension , name of extension, permissions and other details. Kjaer found the following code in that extension’s manifest file.
Kjaer also find another code that shows, this extension will install and run 3 scripts that will run continuously, there is a code below
This scripts is used to fetch data from anywhere , store it , evaluate it and send it to it;s author.
Kjaer reported this extension and Google Chrome security hole, but the Google did not respond to him. However the extension is blacklisted now. If you have also installed it then remove it immediately. This extension will also removed automatically as it is blacklisted in Chrome Web Store.