The Computer Emergency Response Team of India (CERT-In) has advised internet users to exercise caution while installing Google Chrome extensions. The company said that it removed over 100 malicious extensions after they were found collecting sensitive user data. CERT-In also said that it found these extensions contained code to bypass Google Chrome’s Web store security scans. CERT-In comes under the Ministry of Electronics and Technology and deals with cybersecurity threats.
The malicious extensions had the ability to take screenshots, read the clipboard, harvest authentication cookies or grab user keystrokes to read passwords and other confidential information, said the agency.
“It has been reported that Google has removed 106 extensions of the Google Chrome browser from the chrome web store which were found collecting sensitive user data,” the agency said in the advisory.
“These extensions reportedly posed as tools to improve web searches, convert files between different formats as security scanners and more,” it added. The federal cybersecurity agency suggested users to uninstall Google Chrome extensions with IDs given in the IOCs section.
Users can visit the chrome extensions page and subsequently enable developer mode to see if they have installed any of the malicious extensions and then remove them from their browsers, it said.
Last month, researchers had said that spyware effort attacked users through 32 million downloads of extensions to Google’s Chrome web browser. Google had said that it removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers.
Most of the free extensions purported to warn users about questionable websites or convert files from one format to another. Instead, they siphoned off browsing history and data that provided credentials for access to internal business tools.
In January this year, Google had suspended all the commercial extensions in the wake of a significant increase in the number of fraudulent transactions that aim to exploit users.
Malicious developers have been using Google’s Chrome Store as a conduit for a long time.
The agency advised Internet users to only install extensions which are absolutely needed and refer user reviews before doing so. They should uninstall extensions which are not in use, it said, adding that users should not install extensions from unverified sources.