More than three million Google Chrome users have received a warning of around 16 browser content that has been affected by hackers.
CyberSecurity -Experts urged users to remove them now after they found criminals who had injected malignant codes In the software.
This allows Hackers to steal user data and commit 'search engine -fraud' -the scam of driving to Hacker -controlled websites for advertising income.
The list contains blipshot, emojis, color changer for youtube, video effects for youtube and audio enhancer, themes for Chrome and YouTube image in photo and Mike Adblock für Chrome, Super dark mode and emoji keyboardemojis for Chrome.
Adblocker for Chrome, Adblock for you, Adblock for Chrome, agile recording, Kproxy and page renewal, Wistia Video Downloader is also considered compromised.
The Gitlab Threat Intelligence team, which discovered the schedule, noted that Chrome removed the extensions from his web store. But users who have downloaded them must remove them manually.
The best way to prevent a hijacked browser extension is to investigate the programs that you install on your computer and read any reviews that warn of possible dangers.
This includes checking which 'permissions' requires an extension, which means which files or devices are the program that wants to have access to the user's blessing.
Researchers have discovered 16 chrome extensions that have been hacked and must be removed by everyone they have installed
Chrome itself does not support extensions on Android phones, which limits the scope of the threat to those who install these programs on their computers.
In contrast to typical apps and extensions built by hackers all over again, these chrome extensions were actually taken over by cyber criminals using phishing attacks on developers.
In some cases, the makers of the extensions were acquitted in transferring control over their inventions.
When the hackers were in control, they could inject malignant updates into the extensions, which means that everyone she had installed had already opened the door for a future cyber attack.
Notebook check explained that “all these changes went unnoticed by users who had previously given permission to these extensions, so that attackers could manipulate in real -time web activity.”
The Gitlab Threat Intelligence team also noted that all these extensions had one with regard to the common thing – the permissions they asked for access.
All hacked chrome extensions used permissions with which they can communicate with any website that the victims visit.
This allowed them to also inject those websites with malignant code. Simply put, the Chrome-Add-us have traveled together with the Google users, who may spread the code of the hacker everywhere where they flashed on the internet.
Before installing a new browser represence, you must read feedback about the program to see if other users have encountered malware or other problems
Tech experts say that the threat endangers the digital security of approximately 3.2 million people, with these extensions doing everything, from advertising blocking to improving YouTube
Tech experts at Tom's Guide explain that although browser content can make the internet easier to use, they are not as popular as many of the apps on a smartphone.
Extensions such as advertising blockers are often made by smaller companies or even individual programmers, making it really difficult to know if the extension you want to install is legitimate.
The Tom team recommends that Chrome users carefully the permission of any extensions they want to install.
Also read the reviews of the program to see if previous users have experienced problems or suspicious activities.
Gitlab Threat Intelligence revealed that different users of these 16 hijacked extensions warned others to prevent them from being installed after the programs hacked their browsers.
“The abuse of the threat actor of trusted software distributors and the reputation of the Chrome Web Store also helped to make this attack more effective,” Gitlab Threat Intelligence added.
The attack that focuses on legitimate extension developers with phishing schedules comes after a recent warning for billions of Google -e -mail users.
An advanced phishing tool is to enable hackers Steal the web security data of a victim in real time, the target for fool by thinking that they normally registered on their accounts by sending them to a fake webpage that looks like their browser.
James Knight, an expert in cyber warfare with 25 years of experience, told DailyMail.com that everyone should have a spam filter on their accounts to block these phishing -e -mails.
In addition, suspicious e -mails that you direct to click on a link must be immediately deleted if they do not end up in your spammap.
According to the FBI, phishing schedules were the most mentioned form of internet crime in 2023, making it almost a third of all cyber crimes that year.
In addition to removing these extensions and checking the permissions for those you keep, technical experts are urging everyone who has installed these programs to use antivirus software to scan their computers on signs of malware or other viruses.
