EXECUTIVE SUMMARY:

Malicious Chrome

Recently, security researchers discovered that 106 Chrome browser extensions contained malicious scripts that collected sensitive user data.

Financial services, oil and gas, healthcare, retail, high-tech, education and other organizations may have run these browser extensions on their systems, giving bad actors a foothold from which to spy on their networks. By May of 2020, these extensions had seen as many as 32 million downloads.

One security research group believes that the same threat actors built all of these extensions via a GalComm domain. “…many extensions also appeared to share the same graphics and codebase, with slight changes.”

Chrome has removed the majority of these extensions from the Chrome Web Store, with the remaining few due for removal shortly. In line with standard practice, admins have deactivated these Chrome extensions within users’ browsers. To see whether you have installed any of these malicious extensions, visit the Chrome extensions page.
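For fleets where opening every user’s extensions page is impractical, an admin can audit the extension inventory that Chrome records in each profile’s Preferences file instead. The following is an added example, not code from the original article or from any of the researchers cited; it assumes the Preferences JSON keeps extension entries under extensions.settings with a manifest, from_webstore flag and state, uses a constructed sample in place of a real profile, and uses placeholder IDs where the report’s actual extension IDs would go.

```python
import json

# Constructed sample of the extension-settings subtree of a Chrome "Preferences"
# file (assumed layout; a real one lives in the profile directory, e.g.
# ~/.config/google-chrome/Default/Preferences on Linux). Not from a real profile.
SAMPLE_PREFERENCES = json.dumps({
    "extensions": {
        "settings": {
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
                "manifest": {"name": "Example Notes", "version": "1.2.0",
                             "update_url": "https://clients2.google.com/service/update2/crx"},
                "from_webstore": True, "state": 1},
            "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
                "manifest": {"name": "Example Ad Helper", "version": "0.9",
                             "update_url": "https://update.placeholder-domain.test/crx"},
                "from_webstore": False, "state": 1},
        }
    }
})

# PLACEHOLDER blocklist: the extension IDs published in the report belong here.
BLOCKLIST = {"bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"}
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"


def audit_extensions(prefs_json: str, blocklist: set) -> list:
    """Return one finding per installed extension that is blocklisted, sideloaded,
    or updated from somewhere other than the Chrome Web Store."""
    prefs = json.loads(prefs_json)
    settings = prefs.get("extensions", {}).get("settings", {})
    findings = []
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest", {})
        reasons = []
        if ext_id in blocklist:
            reasons.append("blocklisted")
        if not entry.get("from_webstore", False):
            reasons.append("not installed from the Chrome Web Store")
        if manifest.get("update_url") != WEBSTORE_UPDATE_URL:
            reasons.append("non-webstore update_url")
        if reasons:
            # state == 1 is assumed to mean "enabled" in Chrome's preference format
            findings.append({"id": ext_id, "name": manifest.get("name", "?"),
                             "enabled": entry.get("state") == 1, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_extensions(SAMPLE_PREFERENCES, BLOCKLIST):
        print(f"{f['id']} ({f['name']}, enabled={f['enabled']}): {', '.join(f['reasons'])}")
```

Running it against a real profile means reading the Preferences file into prefs_json and replacing the placeholder blocklist with the published IDs; extensions flagged only for a non-webstore update_url warrant a look even when not blocklisted, since the researchers tied the malicious set to a single non-Google domain.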

Malicious Tor

While the Tor browser is popular for movie streaming and downloads, it can also present security threats. Hackers can perform man-in-the-middle attacks, manipulating traffic as it moves across the internet. In addition, malicious actors have found ways to exploit full website URLs.

According to Tor Browser management, the team had formed a “Network Health” group to monitor for hackers. However, due to the coronavirus pandemic and business downsizing, the “Network Health” team is operating at reduced capacity.

Tor intends to address the issue of hackers by continuing to overhaul its threat review process. In addition, new limits on the “influence” of unknown relays are expected to help. Tor intends to rein in the hackers.

In 2019, anonymous hackers on the Tor browser managed to steal at least $40,000 in bitcoin, and the true losses may be higher. In this scheme, hackers used two different websites to dupe targets. Once a user clicked on the malicious site, they were redirected to a second website, which triggered a Windows installer that downloaded malicious code.

Rather than altering binary components of the Tor browser, the attackers altered settings in the browser and in the HTTPS Everywhere extension. As a result, the hackers managed to remain unseen for years; the malicious domains first emerged in 2014.

A spokesperson for Tor stated that all users must ensure that their software comes from official sources. Downloading software always carries some risk, but user awareness and care can limit it. Further, law enforcement has turned its attention toward Tor criminals, so users can expect the risk to recede.

The hackers’ tactics appeared subtle, and concern about their continuation abounds. For more on this story, visit ZDNet and Cyberscoop.