Malicious Chrome Extensions Impact 500,000 Users

Security researchers at ICEBRG discovered four malicious Chrome extensions available for download through the official Chrome Web Store. The extensions, which impacted approximately 500,000 users, includedChange HTTP Request HeaderNyoogle - Custom Logo for GoogleLite Bookmarks, and Chrome's Post-it Notes. Threat actors delivered malicious commands to unsuspecting users via JavaScript code which was then used to conduct click-fraud in an effort to generate revenue for the developers. The NJCCIC recommends users who installed the malicious Chrome extensions uninstall them immediately and consider installing a reputable ad-blocking and/or script-blocking extension. We also recommend reviewing ICEBRG’s reportfor technical details related to these extensions including associated domains and IoCs.