295 malicious Chrome extensions discovered with millions of downloads

Get a free Techzine subscription!

Over 80 million Google Chrome users have downloaded at least one malicious extension that steals search results from Google and Bing and inserts ads at the same time, according to research by AdGuard.

AdGuard, a company that provides adblocking solutions, discovered the existence of almost three hundred Chrome extensions that insert ads in Google and Bing search results. The plugins were often presented as adblockers in the Chrome Web Store, which led to their discovery by AdGuard. A number of these extensions were offered as utilities for displaying the weather forecast or making it easier to capture screenshots in the browser.

The majority of the extensions, 245 out of 295, were used to apply a custom background when opening a new tab.

In reality, the extensions download externally hosted code, which was then used to display ads in Google and Bing search results. At the beginning of this week, all of the 295 discovered malicious plugins were still available in the Chrome Store, but Google started removing some of them during the week.

Victims will be notified

If you have downloaded one of the almost three hundred extensions, Google will inform you about it. Chrome extensions that are removed from the store will be automatically deactivated and marked as malware in the extension list. To be entirely sure that the extension is no longer present, a user will have to remove it from the browser manually.

Tip: Are browser extensions still safe to use?