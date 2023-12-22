A recent discovery by cybersecurity company ReasonLabs has revealed a dangerous threat lurking within the Chrome Web Store. Three malicious Chrome extensions, disguised as Virtual Private Networks (VPNs), have been downloaded a staggering 1.5 million times, putting millions of users at risk. These malicious extensions have been found to act as browser hijackers, cashback hack tools, and data stealers, compromising users’ privacy and online security.

The malware was spread through an installer hidden in pirated copies of popular video games, such as Grand Theft Auto and Assassins Creed, which are often distributed via torrent sites. ReasonLabs found that over a thousand distinct torrent files were delivering the malicious installer, fooling users into unknowingly installing the dangerous extensions.

Upon installation, the fake VPN extensions take control of the user’s browser, hijacking it on the registry level. The victim is not required to take any action or provide consent, making the infection process seamless and invisible to the user. The malware carefully avoids antivirus detection and proceeds to install netSave on Google Chrome and netPlus on Microsoft Edge.

These malicious extensions have extensive access to the user’s browsing activity and can manipulate web requests, steal sensitive data, disable other installed extensions, and even redirect profits from cashback and coupon extensions to the attackers. Many popular cashback extensions, including Avast SafePrice and Honey, are targeted by this malware, further compromising users’ online shopping experiences.

The campaign primarily targets Russian-speaking users, with most infections occurring in Russia, Ukraine, Kazakhstan, and Belarus. However, the threat is not limited to these regions, and users worldwide should be vigilant.

This discovery emphasizes the urgent need for users to regularly review their browser extensions and be cautious when downloading software from unverified sources. Checking user reviews and ratings in the Chrome Web Store can provide valuable insights into the legitimacy and security of extensions. Additionally, maintaining up-to-date antivirus software can help detect and prevent such threats from infiltrating your system.

By staying informed and taking proactive measures, users can defend themselves against the ever-evolving landscape of online threats and protect their privacy and security while browsing the internet.