Google has started scanning newly uploaded applications and extensions in its Chrome Web Store, similar to the checks it already runs on apps in the Android Play Market.
We have written about quite a few cases where malicious extensions were pushed on social network users. Usually they claim to add new functionality to the social network, such as seeing who visited your profile. Not all of them are hosted on the official Chrome Web Store, so the new scanning will not stop every malicious extension from reaching users; an extension served from a third-party site is never seen by the store's checks. That being said, Symantec welcomes Google's effort to remove malicious Chrome extensions as soon as possible and the improvements made to its automated system to help detect items containing malware.
Malicious extensions for browsers are quite powerful. Once the user installs an extension and grants it the permissions it requests, it can perform malicious tasks from within the browser, with full access to page content after TLS decryption and inside the user's authenticated sessions, so neither HTTPS nor the site's login protects against it. This can lead to man-in-the-browser (MITB) attacks of the kind carried out by financial Trojans such as Zeus, swapping Web content, stealing passwords from login forms, or performing click fraud in the background. At the moment, these malicious extensions are very popular in social network scams. We wrote about the danger of malware in Firefox extensions in 2009 and the same applies to Chrome extensions.
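The damage an extension can do is bounded by what it is granted, so the first thing to check before installing (or when triaging a sample) is its manifest. The following is an added example, not code from the original post or from Symantec: a small Node.js audit of a Chrome extension manifest that flags the grants which make the attacks above possible. The manifest keys it reads (permissions, host_permissions, content_scripts[].matches) are the documented Chrome manifest fields; the risk labels, the scoring thresholds and the two sample manifests are this example's own assumptions.

```javascript
// Added example, not from the original post: flag the manifest grants that enable
// in-browser attacks (request rewriting, cookie theft, DOM access on every site).
// The risk list, scoring and sample manifests below are assumptions for illustration.

const RISKY_API_PERMISSIONS = {
  webRequest: 'observe every request the browser makes',
  webRequestBlocking: 'rewrite or block requests in flight (content swapping)',
  declarativeNetRequest: 'rewrite or redirect requests by rule',
  cookies: 'read session cookies for the hosts it can access',
  tabs: 'read the URL and title of every open tab',
  history: 'read browsing history',
  clipboardRead: 'read the clipboard',
  proxy: 'route all traffic through a proxy of its choosing',
  nativeMessaging: 'talk to a native program outside the browser sandbox',
};

// Match patterns that cover every site: "<all_urls>", "*://*/*", "http://*/*", "https://*/*".
function isBroadHostPattern(pattern) {
  return pattern === '<all_urls>' || /^(\*|https?):\/\/\*\/\*$/.test(pattern);
}

// MV2 manifests mix host patterns into "permissions"; MV3 moves them to "host_permissions".
function looksLikeHostPattern(entry) {
  return entry === '<all_urls>' || entry.includes('://');
}

function auditManifest(manifest) {
  const permissions = manifest.permissions || [];
  const hosts = [
    ...permissions.filter(looksLikeHostPattern),
    ...(manifest.host_permissions || []),
  ];
  const apiFindings = permissions
    .filter((p) => Object.prototype.hasOwnProperty.call(RISKY_API_PERMISSIONS, p))
    .map((p) => `${p}: ${RISKY_API_PERMISSIONS[p]}`);
  const broadHosts = hosts.filter(isBroadHostPattern);
  // A content script injected on every page can read login forms and rewrite the DOM
  // without needing any extra API permission, so it is scored on its own.
  const scriptsOnAllSites = (manifest.content_scripts || [])
    .filter((cs) => (cs.matches || []).some(isBroadHostPattern))
    .flatMap((cs) => cs.js || []);

  // Assumed scoring: each risky API counts 1, all-sites host access and all-sites
  // content scripts count 2 each.
  const score = apiFindings.length + (broadHosts.length ? 2 : 0) + (scriptsOnAllSites.length ? 2 : 0);
  const verdict = score >= 4 ? 'high' : score >= 2 ? 'medium' : 'low';
  return { verdict, score, apiFindings, broadHosts, scriptsOnAllSites };
}

// Constructed sample: a "see who viewed your profile" lure built the way the post describes.
const SUSPICIOUS_MANIFEST = {
  name: 'Profile Visitors',
  manifest_version: 2,
  permissions: ['<all_urls>', 'webRequest', 'webRequestBlocking', 'cookies', 'tabs'],
  content_scripts: [{ matches: ['*://*/*'], js: ['inject.js'] }],
};

// Constructed sample: a narrowly scoped extension that touches one site and no privileged API.
const BENIGN_MANIFEST = {
  name: 'Example Theme Switcher',
  manifest_version: 3,
  permissions: ['storage'],
  host_permissions: ['https://example.com/*'],
  content_scripts: [{ matches: ['https://example.com/*'], js: ['theme.js'] }],
};

for (const m of [SUSPICIOUS_MANIFEST, BENIGN_MANIFEST]) {
  console.log(m.name, JSON.stringify(auditManifest(m), null, 2));
}
```

Run it with `node audit.js` after saving the block; to check a real extension, replace the sample objects with `JSON.parse(fs.readFileSync('manifest.json'))`. A "high" verdict does not prove an extension is malicious, only that it has everything it would need to be, which is exactly the case for the social network lures described above.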
Figure 1. Malicious browser extension claiming additional feature
Regarding the malicious extensions that are being pushed on social media: be cautious when you see offers for free products on social networks, especially products that are highly sought after. If a feature is not currently available on a social network, chances are there is a reason it is not available. Do not install browser extensions from unverified sources, even if they offer free products or access to an unavailable feature, and be especially suspicious of anything that is promoted aggressively on your social networks. Before installing any extension, look at the permissions it asks for; an extension that needs access to every site you visit to "show who viewed your profile" is asking for far more than the promised feature requires.