Malicious Chrome Extensions Capture Web Browser Activity
NJCCIC Alert
Original Release Date: 2018-02-09
Security researchers have detected a new group of malicious Chrome extensions capable of capturing sensitive information entered in web browsers such as names, credit card numbers, CVV numbers, and email addresses. These extensions abuse session replay, a JavaScript code commonly used by website administrators to analyze how users interact with their site. The malicious extensions have random names, such as Strawberry Daiquiri Cocktail and BrowserWatch, and inject advertisements into the webpages a user is viewing. The malicious extensions are estimated to have impacted over 400,000 users prior to their removal from the Chrome Web Store.
The NJCCIC recommends users review Trend Micro’s report for a list of the malicious extensions. We also recommend users review Bleeping Computer’s article for removal instructions and consider installing a reputable ad-blocking and/or script-blocking extension.
Featured Content
- Pulse Connect Secure Vulnerabilities Are Actively Being Exploited>
- Phishing Campaigns Attempt to Steal Credentials for Cloud Services>
- Geico Hack Impacts Residents in 8 States>
- SonicWall Email Security Vulnerabilities Are Actively Being Exploited>
- New Critical Vulnerabilities in On-Premises Microsoft Exchange Servers>
- Threat Actors Abuse Contact Forms in Recent Malware Campaigns>
- Google Chrome Vulnerabilities Exploited in the Wild – Patch Now>
- Increase in Ransomware Attacks Targeting Education Sector>
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.