Security researchers from US cyber-security firm ICEBRG recently identified four extensions on the official Chrome Web Store which uses malicious Javascript code to perform click fraud using the user’s browser.

According to ICEBRG, they found malicious behavior from the four following extensions:

  • Change HTTP Request Header (ppmibgfeefcglejjlpeihfdimbkfbbnm)
  • Nyoogle – Custom Logo for Google (ginfoagmgomhccdaclfbbbhfjgmphkph)
  • Lite Bookmarks (mpneoicaochhlckfkackiigepakdgapj)
  • Stickies – Chrome’s Post-it Notes (djffibmpaakodnbmcdemmmjmeolcmbae)

The extensions had already been taken down after ICEBRG notified the National Cyber Security Centre of The Netherlands (NCSC-NL), the United States Computer Emergency Readiness Team (US-CERT), and the Google Safe Browsing Operations team. However, a number of users may still be using the said infected extensions.

Source: Bleeping Computer

Leave a Comment

Your email address will not be published. Required fields are marked *