
Hackers Target Dozens of VPN, AI Extensions For Google Chrome To Compromise Data

An anonymous reader quotes a report from The Record: Cybersecurity researchers have uncovered dozens of attacks that involve malicious updates for Chrome browser extensions, one week after a security firm was compromised in a similar incident. As of Wednesday, a total of 36 Chrome extensions injected with data-stealing code have been detected, mostly related to artificial intelligence (AI) tools and virtual private networks (VPNs), according to a report by ExtensionTotal, a platform that analyzes extensions listed on various marketplaces and public registries. These extensions, collectively used by roughly 2.6 million people, include third-party tools such as ChatGPT for Google Meet, Bard AI Chat, YesCaptcha Assistant, VPNCity and Internxt VPN. Some of the affected companies have already addressed the issue by removing the compromised extensions from the store or updating them, according to ExtensionTotal's analysis. [...]

It remains unclear whether all the compromised extensions are linked to the same threat actor. Security researchers warn that browser extensions "shouldn't be treated lightly," as they have deep access to browser data, including authenticated sessions and sensitive information. Extensions are also easy to update and often not subjected to the same scrutiny as traditional software. ExtensionTotal recommends that organizations use only pre-approved versions of extensions and ensure they remain unchanged and protected from malicious automatic updates. "Even when we trust the developer of an extension, it's crucial to remember that every version could be entirely different from the previous one," researchers said. "If the extension developer is compromised, the users are effectively compromised as well -- almost instantly."
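One way to check the "pre-approved versions only" recommendation on an endpoint, as an added example that is not from The Record or ExtensionTotal: it walks a Chrome profile's `Extensions` directory and compares each installed version against an allowlist. It assumes the on-disk layout `Extensions/<id>/<version>_0/manifest.json`; the extension IDs, versions and the `APPROVED` map are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

def audit_extensions(ext_root, approved):
    """Compare every installed extension version under ext_root with the
    approved {extension_id: version} map; return (id, version, status) tuples."""
    findings = []
    for ext_dir in sorted(p for p in Path(ext_root).iterdir() if p.is_dir()):
        for ver_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            try:
                text = (ver_dir / "manifest.json").read_text(encoding="utf-8-sig")
                version = str(json.loads(text)["version"])
            except (OSError, ValueError, KeyError, TypeError):
                # A manifest we cannot parse is itself worth investigating.
                findings.append((ext_dir.name, None, "unreadable-manifest"))
                continue
            if ext_dir.name not in approved:
                status = "not-approved"
            elif version != approved[ext_dir.name]:
                status = "version-drift"  # updated since it was reviewed
            else:
                status = "ok"
            findings.append((ext_dir.name, version, status))
    return findings

# Hypothetical allowlist: extension ID -> the one version that was reviewed.
APPROVED = {"a" * 32: "1.4.0", "b" * 32: "2.0.0"}

def build_sample_profile(root):
    """Constructed sample data: three fake extensions in Chrome's layout."""
    samples = {
        "a" * 32: "1.4.0",  # approved and unchanged
        "b" * 32: "2.0.1",  # approved at 2.0.0, auto-updated since
        "c" * 32: "0.9.3",  # never approved
    }
    for ext_id, version in samples.items():
        ver_dir = Path(root) / ext_id / f"{version}_0"
        ver_dir.mkdir(parents=True)
        manifest = {"manifest_version": 3, "name": "sample", "version": version}
        (ver_dir / "manifest.json").write_text(json.dumps(manifest))
    return root

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_extensions(build_sample_profile(tmp), APPROVED)

if __name__ == "__main__":
    for ext_id, version, status in demo():
        print(f"{status:20} {ext_id} {version}")
```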

  • why the hell would you use a vpn extension?
    • why the hell would you use a vpn extension?

      There are plenty of people who don't understand VPNs. If you don't understand VPNs, you won't understand why or why not it would make any sense to have a browser extension doing VPN stuff.

    • People don't know any better. Has been like that for decades since dubious porn sites pushed their special ActiveX control for that warm spyware/adware/BHO experience.

    • by tlhIngan ( 30335 )

      Because nearly all of the US southern states have decided to enact anti-pornography laws, and one of the largest streaming providers (providing sites like PornHub, YouPorn and others) has blocked access from those states, because the requirements to prove age would require storing personal information they'd rather not hold.

      As such, VPN usage amongst those states has skyrocketed. You can bet a ton of those users are going to be the less sophisticated types looking to get access for their fix rather than

    • why the hell would you use a vpn extension?

      Because we don't force some form of education / licensing for using a computer device, so you don't actually need any knowledge of computers whatsoever to own one and use it on a public-facing network. People think of computers as a commodity device, and treat them as toys, even when using them to do banking, business transactions, insurance reviews, or any other personal or business related activity. We don't treat them as serious devices and that lack of seriousness translates into everything they touch f

  • by Sarusa ( 104047 ) on Thursday January 02, 2025 @11:46PM (#65058843)

    Honey was a very obvious scam - I said years ago their business model must be exactly what they're now being accused of doing (like it's a surprise) - especially after they got bought by the scammers at Paypal. Even if it actually started legit, there was no way it was going to survive being legit at Paypal.

    And most of these extensions are, like Honey, very obvious scams. If you're someone dumb enough to install something like 'TinaMeet', 'Vidnoz Flex', 'ChatGPT for Google Meet', 'VPNCity' (sure, explicitly route all your web browsing through the CCP, save them the trouble), or 'Keyboard History Recorder' (are you f@$#ing kidding me?!) then your extensions being further compromised by the CyberHaven attackers is probably the least of your problems. Some people just can't be helped.

    It's enough for me to naively wish that everyone gets assigned a scam/tech literacy level and your computer and phone come locked down to that, and then someone with a higher rating can do things for your computer. Of course I realize exactly why that can never work, especially social engineering, regulatory capture, etc. But most people are absolutely not knowledgeable enough to have admin on their own computer/browser - it's monkeys with dynamite. And an extremely target rich environment for scammers at all levels of legitimacy (like Honey).

  • Just another reason I don't use Chrome... and never will!
  • Some years ago I had a look into these extensions.
    1. Go and install a lot of "Facebook Privacy" extensions that tell you that Facebook can't track you and people won't see if you read their messages
    2. Unzip them (they are just zip files)
    3. Have a look in the source.

    They all followed the same pattern, providing a useless button and otherwise doing nothing ... except for inserting referral IDs into Amazon links. There were literally hundreds of similar extensions even though I only looked into about ten of them. Bu

    • by allo ( 1728082 )

      Addendum: I've tried to find similar extensions for Firefox and haven't found such simple scams. There are a lot of extensions I wouldn't want to install, but I haven't found any that are really just a scam without providing any functionality.

  • The real threat from AI is the mass manipulation of technologically ignorant people to act against their own best interests. Hence the huge sums being invested to promote it and resultant craze for anything "AI capable".
