Researcher uncovers network of risky Chrome extensions with over 4 million installs

In a nutshell: A security researcher recently uncovered nearly three dozen Chrome Web Store extensions exhibiting suspicious behavior. Many present themselves as search assistants, while others pose as ad blockers, security tools, or extension scanners – all mysteriously linked to a single, unused domain. John Tucker, founder of browser security firm Secure Annex, discovered the suspicious extensions while assisting a client who had installed one or more for security monitoring. The first red flag: two of the 132 extensions he analyzed were unlisted, meaning they don't appear in web searches or the Chrome Web Store. Users can only download these tools via a direct URL. Unlisted extensions aren't that uncommon. Businesses sometimes use them to limit public access to internal tools. However, malicious actors often use unlisted extensions to exploit users, keeping them hidden and making it difficult for Google to detect. After Tucker began analyzing the two suspicious extensions, he unc ... Read full article.