
A sneaky extension for Chrome, Firefox prevents its removal, hijacks browser


Internet security firm Malwarebytes recently discovered a pair of extensions that not only hijack Chrome and Firefox, but also block any attempt to remove them from these two browsers. The Chrome version is a forced extension pushed by web pages that trick visitors into installing it via a JavaScript-based popup. The Firefox version stems from advertisements posing as an official Mozilla warning that a manual update is required.

“Tiempo en colombia en vivo” is the name of the invading Chrome extension. Malwarebytes doesn’t provide any specifics about what this extension actually does to Chrome, but presumably it completely hijacks the browser to push technical support scams, drive click numbers on specific websites, or hijack web searches. The company’s listing says it could spy on your web browsing activities too.

It’s essentially force-installed by hijacking the browser on websites supporting the extension. If you try to leave the page, a popup appears asking you to add an extension in order to exit the page. If you select cancel, another popup appears with an additional tick box that says “Prevent this page from creating additional dialog.” Check the box, hit “OK,” and the browser goes full screen with a popup revealing the name of the extension, which is supposedly distributed through the Chrome Web Store.

Thinking it’s legit, Chrome users install the extension, but the problems only get worse from there. When they attempt to open the in-browser extensions section, they are redirected to a fake extensions page that doesn’t list the installed, offending extension. Because this page is internal, disabling JavaScript doesn’t fix the problem. The only way to regain control is to add “--disable-extensions” after chrome.exe in the shortcut command line (which disables all extensions), or rename the “1499654451774.js” file in the extensions folder.
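Because the in-browser extensions page cannot be trusted in this situation, the extensions folder itself can be inventoried from disk. The following is an added example, not code from the article or from Malwarebytes: it assumes Chrome's on-disk layout of `Extensions/<id>/<version>/manifest.json`, the function names are hypothetical, and the sample profile it builds is constructed data.

```python
import json
import tempfile
from pathlib import Path

def _load(path):
    """Parse a JSON file; return {} if it is missing, malformed or not an object."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
        return data if isinstance(data, dict) else {}
    except (OSError, ValueError):
        return {}

def _localized(ext_dir, manifest, value):
    """Resolve a __MSG_key__ name via _locales/<default_locale>/messages.json."""
    if not (isinstance(value, str) and value.startswith("__MSG_") and value.endswith("__")):
        return value
    locale_dir = ext_dir / "_locales" / str(manifest.get("default_locale", "en"))
    for key, entry in _load(locale_dir / "messages.json").items():
        if key.lower() == value[6:-2].lower() and isinstance(entry, dict):
            return entry.get("message", value)
    return value

def list_extensions(extensions_root):
    """One record per <id>/<version>/manifest.json under a profile's Extensions folder."""
    records = []
    for manifest_path in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        ext_dir, manifest = manifest_path.parent, _load(manifest_path)
        records.append({
            "id": ext_dir.parent.name,
            "version": ext_dir.name,
            "name": _localized(ext_dir, manifest, manifest.get("name", "<unreadable>")),
            "permissions": manifest.get("permissions", []),
            "scripts": sorted(p.name for p in ext_dir.glob("*.js")),
        })
    return records

def build_sample_profile():
    """Constructed sample data (not from the article): one made-up extension."""
    root = Path(tempfile.mkdtemp()) / "Extensions"
    ext = root / ("a" * 32) / "1.0_0"
    (ext / "_locales" / "en").mkdir(parents=True)
    (ext / "manifest.json").write_text(json.dumps({"name": "__MSG_appName__",
        "default_locale": "en", "permissions": ["tabs", "<all_urls>"]}))
    (ext / "_locales" / "en" / "messages.json").write_text(
        json.dumps({"appName": {"message": "Sample Weather"}}))
    (ext / "background.js").write_text("// constructed placeholder\n")
    return root

if __name__ == "__main__":
    print(*list_extensions(build_sample_profile()), sep="\n")
```

To check a real machine, pass the profile's own Extensions directory to `list_extensions` instead of the sample; an entry whose name or permissions you do not recognise is the one to investigate.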

Meanwhile, the Firefox extension takes a different route. Victims see a web-based advertisement warning that Firefox requires a manual update. Taking the bait, they inadvertently install the offending extension, which keeps them out of the internal “about:addons” page by closing the tab. To remove the extension, you can restart Firefox in safe mode. Extensions are not active in this state, so you can remove any add-on before restarting the browser.

“If you are kept on a Firefox tab by JavaScript(s) that keep popping up with prompts, and you are unable to close the window in the usual way, you can terminate Firefox by using Task Manager,” the company states. “When you restart Firefox, it will not be able to restore the session for that tab.” 

Believe it or not, Task Manager is your best friend in Windows. Simply press CTRL+ALT+DEL, and you can open the Task Manager window to force-close any browser tab that refuses to close. You don’t need to install anything to escape the clutches of a malicious web page. What’s more, Google and Mozilla absolutely do not post warning advertisements on web pages telling you to manually upgrade your browser. Updates are typically performed behind the scenes.
