Malicious Chrome extension spies on users, Google reacts too late

Google accidentally distributed insidious spyware through various popular Chrome extensions. Several hundred thousand users are probably affected, but the malware camouflages itself so well that it is hard to detect.
Dangerous spyware in Chrome extension
Once again, Google has accidentally helped spread sophisticated spyware that can capture browser sessions. The malware is hidden in a legitimate Chrome extension called “Color Picker, Eyedropper – Geco Colorpick”, which was infected with the malware at the end of June, as the online magazine Bleeping Computer reports.
The extension was completely legitimate for years and was very popular with web designers and developers. That is the trick behind the fraud. With over 100,000 downloads, a Google verification badge and a prominent placement on the Chrome Web Store, it was considered trustworthy and was therefore attacked and manipulated by hackers. The tool makes it easy to capture colors from websites and delivers hex and RGB color codes.
As security researchers from Koi Security report, the malware implements a sophisticated browser hijacking mechanism that becomes active with every page load. A hidden background process monitors all tab activity and collects comprehensive data on users' browsing behavior. As soon as the extension is active, each URL visited is sent to a command-and-control server together with a unique tracking ID. The installation of the extension is completely inconspicuous.
Sophisticated camouflage of the malware
It installs an apparently legitimate, verified color picker that works as expected. This complete functionality serves as a perfect camouflage for the malicious background operation, since users get exactly what they expect from a color picker extension. In parallel to the legitimate functions, however, an invisible surveillance mechanism runs.
The malware can receive instructions from its command-and-control server in order to redirect users to harmful websites or to load other harmful content. Particularly insidious: the redirection is often delayed or happens only under certain conditions, to make it difficult to detect.
Recommended protective measures
Koi Security recommends the following to all users of the extension. First, the extension should be uninstalled immediately, followed by clearing the browser data to remove stored tracking IDs. A complete system malware scan is also advisable, as it cannot be ruled out that other harmful components have been installed. The Color Picker is also not the only one with the problem. According to Bleeping Computer, the following extensions have also been manipulated:
Manipulated Chrome extensions
- Emoji keyboard online – copy and paste of emoji
- Free weather forecast
- Video Speed Controller – video manager
- Unlock Discord – VPN proxy to unlock Discord everywhere
- Dark Theme – Dark Reader for Chrome
- Volume Max – Ultimate Sound Booster
- Unlock TikTok – seamless access with one-click proxy
- Restate YouTube VPN
- Unlock TikTok
- Weather
In addition, those affected should check their online accounts for suspicious activity and check their other installed extensions for similar behavior. Google itself reacted only once the security experts’ reports set alarm bells ringing; the extensions were then blocked from new downloads and their updates were stopped.
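
As a starting point for the check of other installed extensions recommended above, the following Python sketch (an added example, not code from Koi Security, Bleeping Computer or Google) lists extensions whose manifest combines background code with visibility of tab URLs or access to all sites, the capabilities the tracking behavior described in this article needs. The permission heuristics and the sample manifests are assumptions constructed for illustration; the path passed on the command line is the `Extensions` folder inside a Chrome profile, laid out as `<id>/<version>/manifest.json`.

```python
import json
import sys
from pathlib import Path

# Permissions that expose the URL of every tab or navigation to an extension.
URL_VISIBILITY = {"tabs", "webNavigation", "webRequest"}
# Host patterns that cover every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Constructed sample manifests (not taken from any real extension).
SAMPLES = {
    "flagged-sample": {"name": "Sample Picker", "background": {"service_worker": "bg.js"},
                       "permissions": ["tabs", "storage"], "host_permissions": ["<all_urls>"]},
    "clean-sample": {"name": "Sample Picker Lite", "permissions": ["activeTab", "storage"]},
}

def audit_manifest(manifest):
    """List which capabilities needed for background URL tracking are present."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = perms | set(manifest.get("host_permissions", []))  # MV2 lists hosts in permissions
    bg = manifest.get("background", {})
    reasons = []
    if bg.get("service_worker") or bg.get("scripts") or bg.get("page"):
        reasons.append("background code")
    if perms & URL_VISIBILITY:
        reasons.append("sees tab URLs via " + ",".join(sorted(perms & URL_VISIBILITY)))
    if hosts & BROAD_HOSTS:
        reasons.append("host access to all sites")
    return reasons

def audit_profile(extensions_dir):
    """Walk <id>/<version>/manifest.json and return the extensions worth reviewing."""
    findings = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        reasons = audit_manifest(manifest)
        # Background code plus at least one way to observe visited URLs.
        if "background code" in reasons and len(reasons) >= 2:
            findings[path.parts[-3]] = (manifest.get("name", "?"), reasons)
    return findings

if __name__ == "__main__":
    results = (audit_profile(sys.argv[1]) if len(sys.argv) > 1 else
               {k: (m["name"], audit_manifest(m)) for k, m in SAMPLES.items()})
    for ext_id, (name, reasons) in results.items():
        print(f"{ext_id}  {name}: {'; '.join(reasons) or 'no match'}")
```

A match is a review list, not a verdict: many legitimate extensions request the same permissions, and the extension described here worked legitimately for years before it was manipulated.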