500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers.
These extensions were part of a malvertising and ad-fraud campaign that’s been operating at least since January 2019, although evidence points out the possibility that the actor behind the scheme may have been active since 2017.
The findings come as part of a joint investigation by security researcher Jamila Kaya and Cisco-owned Duo Security, which unearthed 70 Chrome Extensions with over 1.7 million installations.
Tip: Review extension permissions, consider uninstalling extensions rarely used or switch to other software alternatives that don’t require such invasive access to your browsing activity.
Source Credits: THN https://thehackernews.com/