Security News: Cyber-espionage group uses Chrome extension to infect victims

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,176
In what appears to be a first on the cyber-espionage scene, a nation-state-backed hacking group has used a Google Chrome extension to infect victims and steal passwords and cookies from their browsers.

This is the first time an APT (Advanced Persistent Threat --an industry term for nation-state hacking groups) has been seen (ab)using a Chrome extension, albeit it's not the first time one has used a browser extension, as the Russian-linked Turla APT previously used a Firefox add-on in 2015 [1, 2].

A report that's going to be published later today by the ASERT team at Netscout reveals the details of a spear-phishing campaign that's been pushing a malicious Chrome extension since at least May 2018.

Hackers used spear-phishing emails to lure victims on websites copied from legitimate academic organizations. These phishing sites, now down, showed a benign PDF document but prevented users from viewing it, redirecting victims to the official Chrome Web Store page to install a (now removed) Chrome extension named Auto Font Manager.

[Image: kimsuky-apt.jpg]
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
Google advertised Chrome web store as a secure place to find extensions. How did they lose control over it? I've been trying to aggressively reduce the number of extensions that I use and only using those that have their code on Github/Gitlab for people to examine. Also cut out any extensions that don't get updated regularly.
 

509322

Yes, Google says the same for the Play Store... we can trust it! :sleep:

No matter what anyone states, the user is always responsible for the overall security. That is how it works. If party XYZ states "You are protected", the user is still fully responsible for what happens on their system. That's just how it works. I know people want to say "If you tell me I can trust something, then I expect to be able to fully trust it." Well, that's definitely not how it works and is an unrealistic expectation on the user's part. Is "You're protected" disingenuous? No, it isn't, because what happens in the case of a compromised system is covered in the EULA. It's the user's responsibility for accepting stuff at face value, not doing what it takes to find out about all the exceptions, and not reading the EULA.

Microsoft states "You are protected on W10." Most people here know it just ain't true... that the statement is merely Window's dressing... no pun intended.
 

ForgottenSeer 72227

Extensions will always create the potential for security issues, even ones we like to use for security. IMO it's no different from installing an app or program on your phone/computer; the potential is always there. People may say, "Well, that's what my security program is for," and that's fair, but we all know security programs can miss things too (i.e. the CCleaner fiasco). Personally I think it's best to just limit the amount of extensions/programs you have to the absolutely necessary ones you use/need. If you don't need Office, don't install it. The same can be said for extensions as well.

In the case of Google and its issues with extensions/Play Store, I do think they can do a better job than what they are doing currently. It doesn't mean you still cannot download malicious apps/extensions, but clearly their vetting process needs some serious work.
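Both replies above come down to the same practice: keep only the extensions you need and know what each one can reach. The script below is an added example, not code from the original thread, from Netscout or from Google. It walks a Chrome profile's Extensions directory (Chrome's `<id>/<version>/manifest.json` layout) and flags the manifest permissions that would let an extension read cookies or page contents, which is what the reported extension stole. The sample manifests, extension ids and risk descriptions are constructed for the demo and are not the real Auto Font Manager's manifest; the permission names themselves are real Chrome manifest keys.

```python
import json
import tempfile
from pathlib import Path

# Chrome manifest permissions that reach the data the reported extension
# stole (session cookies, page contents). The names are real manifest keys;
# the risk descriptions and the grouping are this script's own choice.
HIGH_RISK_PERMISSIONS = {
    "cookies": "can read and modify cookies on permitted hosts",
    "webRequest": "can observe every HTTP(S) request",
    "webRequestBlocking": "can modify or block requests",
    "tabs": "can see the URL and title of every open tab",
    "history": "can read browsing history",
    "clipboardRead": "can read the clipboard",
    "nativeMessaging": "can talk to a native host process outside the sandbox",
}
# Match patterns that grant access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Return a list of human-readable findings for one manifest dict."""
    findings = []
    perms = list(manifest.get("permissions", [])) + list(manifest.get("optional_permissions", []))
    hosts = list(manifest.get("host_permissions", []))  # manifest v3 key
    for perm in perms:
        if perm in HIGH_RISK_PERMISSIONS:
            findings.append(f"permission '{perm}': {HIGH_RISK_PERMISSIONS[perm]}")
        elif perm == "<all_urls>" or "://" in perm:
            hosts.append(perm)  # manifest v2 keeps host patterns in 'permissions'
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if pattern in BROAD_HOSTS:
                findings.append(
                    f"content script injected into every page ({pattern}): "
                    "can read form fields, including typed passwords, on any site")
    broad = [h for h in hosts if h in BROAD_HOSTS]
    if broad:
        findings.append(f"broad host access {broad}")
    if "cookies" in perms and broad:
        findings.append("cookies + broad host access: can exfiltrate session cookies for every site")
    return findings


def audit_profile(extensions_dir):
    """Audit every <extensions_dir>/<id>/<version>/manifest.json (Chrome's layout)."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        with open(path, encoding="utf-8") as fh:
            manifest = json.load(fh)
        ext_id = path.parent.parent.name
        report[ext_id] = {
            "name": manifest.get("name", "?"),
            "version": path.parent.name,
            "findings": audit_manifest(manifest),
        }
    return report


# Constructed sample manifests for the demo; not the real Auto Font Manager manifest.
SAMPLE_MANIFESTS = {
    "aaaa": {"name": "Constructed minimal extension", "version": "1.0",
             "manifest_version": 3, "permissions": ["storage"]},
    "bbbb": {"name": "Constructed cookie stealer (v2 manifest)", "version": "2.1",
             "manifest_version": 2,
             "permissions": ["cookies", "tabs", "<all_urls>"],
             "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}]},
    "cccc": {"name": "Constructed cookie stealer (v3 manifest)", "version": "0.3",
             "manifest_version": 3,
             "permissions": ["cookies"], "host_permissions": ["https://*/*"]},
}


def demo_audit():
    """Write the samples in Chrome's directory layout into a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, manifest in SAMPLE_MANIFESTS.items():
            ext_dir = Path(tmp) / ext_id / manifest["version"]
            ext_dir.mkdir(parents=True)
            (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return audit_profile(tmp)


if __name__ == "__main__":
    for ext_id, entry in demo_audit().items():
        print(f"{ext_id}  {entry['name']}  v{entry['version']}")
        for finding in entry["findings"] or ["no high-risk permissions"]:
            print("   -", finding)
```

To run it against a real profile, call `audit_profile()` on the Extensions folder (on Windows that is `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`). A finding is a reason to look closer, not proof of malice: an ad blocker legitimately needs broad host access, so compare each flagged permission against what the extension claims to do and against its published source, as the reply above suggests.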
 
