Home > Cyber News > Malicious Apps Still End Up in Chrome Web Store

Malicious Apps Still End Up in Chrome Web Store

For some time now, Google has been trying to limit the security issues related to the numerous applications that get installed on Google Chrome along with the installation of various unverified extensions.
It is mandatory for apps and extensions that get installed on Chrome to be in the Chrome Web Store. This is how Google monitors the entire process and keeps away malicious applications. The user can still download them from any web location he prefers but if they are not in the store, they simply won’t work.

Yet Another Malicious Extension in the Web Store

Despite this policy, things still don’t go as smoothly as they should. Malicious apps still make their way into the Web Store. The most recent example originates in Facebook, where a click-bait post tries to get the user’s attention to a video about drunk girls. As soon as the user clicks on the link, he gets redirected to a webpage that looks exactly like YouTube. The problem is that the video there doesn’t actually work.

In order to be able to view the video, the user is asked to install a Chrome extension, which the user wouldn’t actually need if he had landed on the real YouTube site.

Clicking on the pop-up notification takes the use to the Chrome Web Store, where he is offered to download the malicious extension. As soon as the installation is finished, the user is redirected to the real YouTube page where he can watch the video.

Once the extension is active, it starts generating Facebook posts and comments from the victim’s profile. It also sends links via the Facebook chat, which is actually how the extension gets spread.

Malicious Apps Get Downloaded All the Time

Security experts from TrendMicro report that the creators of the extension have employed a virtual private server in Russia where several domains are registered. The dangerous websites were mainly visited from people in Brazil, UK, the United States and Argentina.

This is far not the first time a malicious extension makes it past Google’s security. Most of them that seem to be malicious have only been in the Store shortly. Unfortunately, they are getting thousands of downloads.

If Google really wants to assure Chrome’s safety and decline the option of installing any third party extensions, Google has to enhance the security at least and put everything to the test.

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share