{"id":53529,"date":"2025-05-29T11:18:39","date_gmt":"2025-05-29T15:18:39","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=53529"},"modified":"2025-05-29T11:18:39","modified_gmt":"2025-05-29T15:18:39","slug":"suspicious-chrome-extensions-with-6-million-installs","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/suspicious-chrome-extensions-with-6-million-installs\/53529\/","title":{"rendered":"57 shady Chrome extensions clock up six million installs"},"content":{"rendered":"

Cybersecurity researchers have discovered 57 suspicious extensions<\/a> in the official Chrome Web Store with more than six million users. The plugins caught their attention because the permissions they request don\u2019t match their descriptions.<\/p>\n

What\u2019s more, these extensions are \u201chidden\u201d \u2014 meaning they don\u2019t show up in Chrome Web Store searches, and search engines don\u2019t index them. Installing such a plugin requires a direct link to it in the Chrome Web Store. This post details why extensions can be a dangerous tool in cybercriminal hands, explains the direct threat posed by these recently discovered plugins, and gives tips on how not to fall victim.<\/p>\n

Why extensions are dangerous, and how convenience undermines security<\/h2>\n

We\u2019ve posted many times about why browser extensions shouldn\u2019t be installed thoughtlessly<\/a>. Browser plugins often help users speed up routine tasks, such as translating information on websites or checking spelling; however, the minutes you save often come at the cost of privacy and security.<\/p>\n

This is because, in order to work effectively, extensions typically need access to everything you do in the browser. Even Google Translate asks for permission to \u201cRead and change all your data on all websites\u201d you visit<\/a> \u2014 that is, not only can it monitor what you do online, but also alter any information on a page. For example, it might display a translation instead of the original text. If that\u2019s what an online translator can do, just imagine what a malicious extension with the same access can get up to!<\/p>\n

The problem is that most users are unaware of the risks posed by plugins. Whereas executable files from untrusted sources have come to be viewed as potentially dangerous, browser extensions enjoy a broad level of trust \u2014 especially if downloaded from an official store.<\/p>\n

Too many unnecessary permissions<\/h2>\n

In the case of the 57 suspicious extensions found in the Chrome Web Store, the main sign of malicious intent was the broad sweep of permissions requested, such as access to cookies \u2014 including authentication ones.<\/p>\n

In practice, this allows attackers to steal session cookies from victims\u2019 devices, and those session cookies are used to avoid entering a password each time they visit a website. Such cookies also enable scammers to sign in to victims\u2019 personal accounts on social networks or online stores.<\/p>\n

\"Example<\/a>

Browser Checkup for Chrome by Doctor is one of the suspicious extensions masquerading as an \u201cantivirus\u201d for the browser. Source<\/a><\/p><\/div>\n

In addition, the permissions requested grant the malicious extensions a host of interesting capabilities, including:<\/p>\n