Anti-virus and trusted accounts not enough to avoid Chrome extension malware

Chrome Extension
A piece of banking malware discovered hiding behind a Chrome extension on Google’s Chrome Web Store for the second time in almost as many weeks, is just the latest to slip through in recent months. A number of nefarious applications have been infecting systems all over the world using the download platform, and many have been able to evade the most commonly used anti-malware solutions.

While of course, some anti-virus solutions are better than others, sometimes a piece of malware is so sophisticated it’s able to avoid detection by them all. This latest infectious trojan was discovered on the Chrome Web Store, and it masquerades as the “Interface Online” extension. It avoided detection by the 58 most common anti-viral applications.

Indeed it was so difficult to detect that even though it was removed just over two weeks ago from the Chrome Web Store, it was re-uploaded and made available again very recently, prompting the need for another user-report to bring it down. Discovered twice by the chief research officer at Morphus Labs, Renato Marinho (thanks Ars), the extension received upwards of 50 downloads during its tenure on the extension download platform.

The malware, in this case, was a data gathering one, designed to allow further exploitation of the victims. After securing form login information from the user, the malware transfers that data to a server controlled by the attackers, who can then use it to profile their victim. They then use that information to go after those who have financial control over the company they work for.

In targeted attacks, they call them up and use a combination of social engineering and phishing to have them give the attacker further access to financial information, which can result in banking theft.

As Ars points out, as problematic as this was, it’s just a symptom of a common problem affecting the extension store. Several Chrome extensions hosted on the Web Store have been discovered over the past year to contain malicious code, in some cases following the hijacking of legitimate developer accounts, making it very hard to know which extensions you can trust.

Although downloading any software from vetted sources is a great way to avoid being hit with malware, when the nefarious authors behind the malware are able to have it hosted on services like the Chrome Web Store, it makes it very hard to avoid them. That goes doubly so for the malware that is ultimately distributed under trusted developer accounts which have been compromised.

Marinho recommends that Google enable two-factor authentication for accounts on its Web Store to limit this problem, and encourage developer practices that limit extensions’ access to passwords and other credentials.


Just when you thought spam was dead, it’s back and worse than ever

Spam emails might seem like an outdated way to spread malware, but in 2018 they are proving to be the most effective attack vector thanks to new techniques and tricks.

Apple says Group FaceTime will not be part of initial launch of iOS 12

At this year's Worldwide Developer Conference, Apple unveiled its latest operating system, iOS 12. From app updates to group FaceTime, ARKit 2.0, and more, here are all the new features in iOS 12.

Having issues with Microsoft Edge? Here's how to fix the most common problems

If you're feeling frustrated with Microsoft Edge, or have run into a serious problem with Windows 10's built-in browser, take a look at these common issues and the solutions that can help you get back on track.

The 100 best Android apps turn your phone into a jack-of-all-trades

Choosing which apps to download is tricky, especially given how enormous and cluttered the Google Play Store has become. We rounded up 100 of the best Android apps and divided them neatly, each suited for a different occasion.
Emerging Tech

Automate all the little stuff in your life with these awesome IFTTT recipes

Curious about what kind of awesome things you can do with If This Then That? IFTTT recipes allow you to set up a variety of automated routines to make life easier. Check our list of the best and you'll be automating your life in no time!
Movies & TV

Tired of Netflix? Here's where to find free movies online, legally

We've spent countless hours digging around the web to find the best sites for streaming free movies online. Not only are all of these sites completely free to use, they're also completely legal and trustworthy.
Emerging Tech

Walmart’s new grocery robots aim to speed up your shopping experience

Walmart teamed up with a robot shuttle system company to find a way to speed up its in-store grocery pickup service. The service will launch in one Walmart superstore later this year.

The Facebook dating service will be free of charge and free of ads

Facebook is getting into the dating game. While the feature was one of the surprises from this year's F8, new details suggest what the feature may entail, including a few screenshots from a computer programmer.

Find your way around Google Maps with these handy tips and tricks

How good are your navigation skills? We've got a delectable menu of Google Maps tips and tricks for you right here, to take the pain out of your trips. Go from newbie to mapping master and learn how to use Google Maps.
Emerging Tech

Widespread internet access is causing mass sleep deprivation, study suggests

A study claims that high-speed internet may be costing us up to 25 minutes of sleep per night. And, surprisingly, the biggest problem isn't among those young people who are under 30.

Network routers with roaming enabled are likely susceptible to a new attack

Jens Steube discovered a new method to break into network routers while researching new ways to attack the WPA3 security standard. He stumbled onto an attack technique capable of cracking hashed WPA-PSK passwords.

Saving your favorite YouTube videos for posterity is quick, easy with these tools

Learning how to download YouTube videos is easier than you might think. There are plenty of great tools you can use, both online and offline. These are our favorites and a step by step guide on how to use them.

Hacker plays ‘Doom’ on John McAfee’s ‘unhackable’ BitFi Bitcoin wallet

The BitFi hardware cryptocurrency wallet isn't as unhackable as John McAfee claims. A 15-year-old bedroom hacker has managed to get Doom running on the device, suggesting its days may soon be numbered.
Movies & TV

'Prime'-time TV: Here are the best shows on Amazon Prime right now

Amazon Prime brings more perks than just free two-day shipping. Subscribers get access to a huge library of TV shows to stream at no extra cost. Here are our favorite TV shows currently available on Amazon Prime.