Watch out for this extension for Chrome: it’s malware and cannot be easily removed
Malwarebytes has discovered a new extension for Chrome that can compromise the browser and potentially spy on the user's web browsing activity.
Malwarebytes researcher Pieter Arntz has discovered a couple of extensions that can compromise the proper functioning of Chrome and Firefox, two of the most widespread web browsers in the world. In the case of Chrome, the extension contains malicious code that allows fraudulent technical support campaigns to be displayed and gives attackers the possibility of spying on the browsing activity of the user of the infected system.
The malicious extension targeting Chrome is "Tiempo en colombia en vivo", and it can end up installed on a system after browsing to certain websites. If you try to leave these sites, windows are opened in a loop until you agree to install the extension. Furthermore, if you select the option to prevent the page from creating other pop-ups, the page switches to full screen and presents the dialog to add the extension.
Once installed, the extension can tamper with browser searches and direct them to certain web pages or YouTube videos in order to increase their traffic illegitimately. The extension is also designed to be difficult to remove: if the user tries to access the "chrome://extensions/" page, where installed extensions can be managed, the browser redirects to the page "chrome://apps?r=extensions".
The latter is nothing more than a simple list of the various apps and extensions installed on Chrome, in which the entry for removing them is not visible. There are several procedures to solve the problem, but they are too cumbersome for less experienced users. Among them: install an anti-malware program (Malwarebytes suggests its own tool, of course) or rename the JavaScript file "1499654451774.js" in the folder where the extension is installed.
This way, you can restore the normal state of Chrome and delete the malicious extension with the traditional procedure. Arntz reported the extension to Google about three weeks ago, but it was removed from the store only last Friday. The possibility of infection still remains, and computers that are already infected stay infected. Finally, remember that just recently 4 harmful Chrome extensions (already removed) reached 500 thousand downloads.
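The rename step described above for Chrome can be scripted. The following Python sketch is an added example, not code from Malwarebytes or from the original article; it assumes you pass it the Chrome profile's Extensions directory, that extensions are stored there as <extension id>/<version>/, and that a ".disabled" suffix (an arbitrary choice) is acceptable as the new name.

```python
import json
import sys
from pathlib import Path

# File name reported in the article. The Extensions directory is supplied
# by the caller because its location depends on the OS and the profile.
SCRIPT_NAME = "1499654451774.js"


def neutralize(extensions_root, script_name=SCRIPT_NAME, dry_run=True):
    """Find script_name under an Extensions directory and rename it.

    Returns one dict per hit. With dry_run=True nothing is changed on disk.
    """
    root = Path(extensions_root)
    findings = []
    for script in sorted(root.rglob(script_name)):
        if not script.is_file():
            continue
        # Assumed layout: <root>/<extension id>/<version>/...
        ext_id = script.relative_to(root).parts[0]
        name = None
        for parent in script.parents:  # walk up to the nearest manifest.json
            if parent == root:
                break
            manifest = parent / "manifest.json"
            if manifest.is_file():
                try:
                    text = manifest.read_text(encoding="utf-8-sig")
                    name = json.loads(text).get("name")
                except (OSError, ValueError):
                    name = None  # unreadable manifest: still report the hit
                break
        target = script.with_name(script.name + ".disabled")
        if not dry_run:
            script.rename(target)  # the extension can no longer load the file
        findings.append({"extension_id": ext_id, "name": name,
                         "script": str(script), "renamed_to": str(target),
                         "changed": not dry_run})
    return findings


if __name__ == "__main__":
    # Usage: python neutralize.py <Extensions directory> [--apply]
    hits = neutralize(sys.argv[1], dry_run="--apply" not in sys.argv[2:])
    for hit in hits:
        print(hit)
    if not hits:
        print("no copy of", SCRIPT_NAME, "found")
```

Run it without --apply first to see which extension folder would be touched, then again with --apply while Chrome is closed.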
A similar extension is also available for Firefox. In this case, the user can install it through banners that propose a "manual" update for the browser, and removal is likewise hindered by preventing access to the "about:addons" page. To get around this strategy on Firefox, simply start the browser in Safe Mode (holding down the Shift key while launching it), which lets you run the software without any extensions.