{"id":22697,"date":"2018-06-06T15:15:15","date_gmt":"2018-06-06T19:15:15","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=22697"},"modified":"2019-11-15T06:36:06","modified_gmt":"2019-11-15T11:36:06","slug":"malicious-chrome-extension","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/malicious-chrome-extension\/22697\/","title":{"rendered":"Data-thieving Chrome extension"},"content":{"rendered":"<p>Owners of software stores (Google, Apple, Amazon, et al.) have to fight malware just as intensely as security solution vendors do. Like any circle, the process is never-ending: Cybercriminals write malware that worms its way into online stores, whereupon it gets named and shamed (not to mention deleted), the security policy is updated to avoid repeat incidents, and the cybercriminals contrive a way to sneak their creation past the new policy into the store.<\/p>\n<p>We always recommend installing apps from official sources only, but that doesn\u2019t mean that such sites are malware-free, just that there\u2019s less of it than elsewhere. And although Google Play is fairly safe, the Chrome Web Store is a different kettle of piranha. In it, our experts recently discovered a malicious extension that targets users\u2019 bank data.<\/p>\n<h2>A Trojan banker in your browser<\/h2>\n<p>The culprit was an extension named \u201cDesbloquear Conte\u00fado\u201d (Portuguese for \u201cUnblock contents\u201d), which essentially carried out a <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/man-in-the-middle-attack\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">man-in-the-middle attack<\/a>. 
When the user visited their bank\u2019s website, a malicious script redirected the traffic through a proxy server belonging to the cybercriminals, allowing them to analyze it and pick out what they wanted.<\/p>\n<p>The malware also contained scripts designed to extract certain information entered by users online. For example, when a user visited the bank\u2019s login web-page, the malware used a screen overlay perfectly matching the bank\u2019s interface but replacing the login, password, and one-time confirmation code fields with its own. When the user pressed the login button, the malware copied the data for itself.<\/p>\n<p>The domain on which the crooked C&amp;C server was located used the same IP address as other domains previously exposed as malicious, which was one of the reasons the scheme caught our researchers\u2019 attention. Once they\u2019d confirmed their suspicions, the researchers contacted Google, and the malware was quickly removed from the Chrome Web Store.<\/p>\n<p>Remember that during installation, Chrome extensions request access permissions that often give them near-limitless powers on your computer. 
Most malicious programs need just one permission: \u201cRead and change all your data on the websites you visit\u201d \u2014 which is pretty powerful.<\/p>\n<p>So, handle extensions with extreme caution\u00a0\u2014 they\u2019re <a href=\"https:\/\/www.kaspersky.com\/blog\/browser-extensions-security\/20886\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">not necessarily benign<\/a>, although they\u2019re so easy to install, it\u2019s easy to assume they can\u2019t be powerful or do any harm.<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"93kLoMPJXh\"><p><a href=\"https:\/\/www.kaspersky.com\/blog\/browser-extensions-security\/20886\/\" target=\"_blank\" rel=\"noopener nofollow\">Why you should be careful with browser extensions<\/a><\/p><\/blockquote>\n<h3>Protecting against malicious browser extensions<\/h3>\n<p>Here are some tips that will help fend off malware masquerading as a handy browser extension:<\/p>\n<ul>\n<li>Install only extensions that you trust completely. There is no one perfect test for trust, unfortunately, but at least stick to extensions supplied by reputable developers.<\/li>\n<li>Don\u2019t add extra extensions if you have no real need for them.<\/li>\n<li>If an extension is no longer necessary, remove it. 
You can always install it again if need be.<\/li>\n<li>Use a tried-and-tested security solution such as <a href=\"https:\/\/www.kaspersky.com\/internet-security?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kismd___\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Internet Security<\/a>. All new Chrome extensions are automatically sent to us for analysis, so even in the very latest extensions, malware has no place to hide.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Chrome browser extension steals users\u2019 bank data.<\/p>\n","protected":false},"author":40,"featured_media":22698,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2683],"tags":[734,1278,16,1499,422,723],"class_list":{"0":"post-22697","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-banking-trojans","9":"tag-browsers","10":"tag-chrome","11":"tag-extensions","12":"tag-threats","13":"tag-trojans"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/malicious-chrome-extension\/22697\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/malicious-chrome-extension\/13472\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/malicious-chrome-extension\/11261\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/malicious-chrome-extension\/15550\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/malicious-chrome-extension\/13814\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/malicious-chrome-extension\/13044\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/malicious-chrome-extension\/16292\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/malicious-chrome-extension\/15807\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/malicious-ch
rome-extension\/20706\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/malicious-chrome-extension\/5014\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/malicious-chrome-extension\/10582\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/malicious-chrome-extension\/9258\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/malicious-chrome-extension\/16933\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/malicious-chrome-extension\/20560\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/malicious-chrome-extension\/16664\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/malicious-chrome-extension\/20416\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/malicious-chrome-extension\/20408\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/extensions\/","name":"extensions"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22697","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=22697"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22697\/revisions"}],"predecessor-version":[{"id":29710,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22697\/revisions\/29710"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/22698"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=22697"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v
2\/categories?post=22697"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=22697"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}