Google's Chrome Web store used to spread malware

Google Chrome logoCrooks have found a new venue to push malware: the official Google Chrome Web Store. It was recently used to hawk Chrome browser extensions secretly hijacking users' Facebook profiles.

According to Kaspersky Lab expert Fabio Assolini, one malicious extension hosted on Google's own servers contained hidden code that "can gain complete control" of the user's Facebook profile. The extension then used that access to spread malicious messages and register Facebook Likes for certain items, also inviting fellow users to install it. The same operators advertised a service that delivered Likes of companies looking to promote their profiles. It costs about $27 per 1,000 Likes.

The company distributing this malicious extension was unnamed in the report as was the specific app. Assolini said Google personnel removed the malicious extension shortly after Kaspersky reported it to them. "But we noted the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game," he warned. He didn't elaborate on the number of extensions or how long he's been observing them other than to say the malicious app Kaspersky discovered had 932 users.

Over the past few years, the openness of Google's Android Market has represented one of the more conspicuous ways its users are attacked. As the software equivalent of a Wikipedia-like bazaar to which anyone may contribute, it has repeatedly been seeded with applications that take liberties with end users' phones and data. Kaspersky's report suggests similar attacks are exploiting Google's Chrome Web Store.

"It is against the Chrome Web Store Content Policies to distribute malware," a Google spokesman wrote in an email. "When we detect items containing malware or learn of them through reports, we remove them from the Chrome Web Store and from active Chrome instances. We've already removed several of these extensions, and we are improving our automated systems to help detect them even faster."

Last month, Google unveiled a cloud-based service called Bouncer that scours the Android Market for malicious smartphone apps.

Source: Ars Technica

Tags: Chrome, Google

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


WAnto#10 0
Yep, I got one this morning. I am prttey good at spotting these scam emails, but not this one. I thought it was real. But when I clicked on the Follow this link nothing happened (perhaps because I am on a Mac or using Thunderbird) I knew. I immediately searched Google about a scam and found this site.People, be careful!
Reply 
WAnto#20 0
Yep, I got one this morning. I am prttey good at spotting these scam emails, but not this one. I thought it was real. But when I clicked on the Follow this link nothing happened (perhaps because I am on a Mac or using Thunderbird) I knew. I immediately searched Google about a scam and found this site.People, be careful!
Reply 
WAnto#30 0
Yep, I got one this morning. I am prttey good at spotting these scam emails, but not this one. I thought it was real. But when I clicked on the Follow this link nothing happened (perhaps because I am on a Mac or using Thunderbird) I knew. I immediately searched Google about a scam and found this site.People, be careful!
Reply 
PurlsOf#40 0
Ich habe schlechte Internet mit 16 ooo Geschwindigkeit, muss immer in jede Seite<a href="http://ezptdqri.com"> weartn</a>, teure Internet und ganz langsam, mit Zestf6rung, wegen schlechte Anbieter ich kann nicht mit Adsense und mit AdWords arbeiten.
Reply 
PurlsOf#50 0
Ich habe schlechte Internet mit 16 ooo Geschwindigkeit, muss immer in jede Seite<a href="http://ezptdqri.com"> weartn</a>, teure Internet und ganz langsam, mit Zestf6rung, wegen schlechte Anbieter ich kann nicht mit Adsense und mit AdWords arbeiten.
Reply 
PurlsOf#60 0
Ich habe schlechte Internet mit 16 ooo Geschwindigkeit, muss immer in jede Seite<a href="http://ezptdqri.com"> weartn</a>, teure Internet und ganz langsam, mit Zestf6rung, wegen schlechte Anbieter ich kann nicht mit Adsense und mit AdWords arbeiten.
Reply 
Dave#70 0
I think they're both equal, but obviously Chrome is the defualt browser inп»ї Android Jelly Bean. I'm surprised Google didn't make Chrome worse on iOS like they do with most apps, and like they did with Google Drive.. http://qvneryj.com [url=http://plixrjyya.com]plixrjyya[/url] flvnquv
Reply 
Dave#80 0
I think they're both equal, but obviously Chrome is the defualt browser inп»ї Android Jelly Bean. I'm surprised Google didn't make Chrome worse on iOS like they do with most apps, and like they did with Google Drive.. http://qvneryj.com [url=http://plixrjyya.com]plixrjyya[/url] flvnquv
Reply 
Dave#90 0
I think they're both equal, but obviously Chrome is the defualt browser inп»ї Android Jelly Bean. I'm surprised Google didn't make Chrome worse on iOS like they do with most apps, and like they did with Google Drive.. http://qvneryj.com [url=http://plixrjyya.com]plixrjyya[/url] flvnquv
Reply 

Last news

 
Consumer group recommends iPhone 8 over anniversary model
 
LTE connections wherever you go and instant waking should come to regular PCs, too
 
That fiction is slowly becoming a reality
 
The Snapdragon 845 octa-core SoC includes the Snapdragon X20 LTE modem
 
Human moderators can help make YouTube a safer place for everyone
 
Google says Progressive Web Apps are the future of app-like webpages
 
All 2018 models to sport the 'notch'
 
The biggest exchange in South Korea, where the BTC/KRW pair is at $14,700 now
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
     12
3456789
10111213141516
17181920212223
24252627282930
31      




Poll

Do you use microSD card with your phone?
or leave your own version in comments (4)