Where did your extensions go? Google bans 500+ malicious extensions

By Jen Barrell

Google has banned more than 500 extensions from its Chrome Web Store after it was discovered they had been inserting malicious ads into users’ browsing sessions.

While it is uncertain exactly how many times these extensions had been installed, according to ZDNet, which broke the story, the number is likely to exceed 2 million.

In an investigation that began two months ago, independent security researcher Jamila Kaya found that hundreds of extensions were infecting browsers. She teamed with Cisco’s Duo Security team and escalated concerns to Google, which then removed the offending extensions from the store.

The details of the investigation

Kaya used Cisco’s Duo Security extension analyzer tool, CRXcavator, to find that extensions that appeared to be playing by Google’s rules were using advertising to redirect users to certain sites.

In some cases, users were directed to legitimate sites but with an affiliate link so the extensions could get credit for the page visit. In other, more nefarious cases, users were sent to a page that infected them with malware or exposed them to a phishing scheme.

Researchers were able to confirm the bulk of these extensions had been operational since January 2019, but they may also be linked to a larger operation going back several years.

According to Duo, this type of “malvertising” operation is on the rise:

Malvertising often occurs within other programs, acting as a vehicle for multiple forms of fraudulent activity, including ad-fraud, data exfiltration, phishing, and monitoring and exploitation. Alternatively, it also emerges in multipart malicious campaigns that involve advertising collection and defraudment.

The prominence of malvertising as an attack vector will continue to rise as long as tracking-based advertising remains ubiquitous, and particularly if users remain underserved by protection mechanisms.

Google moved quickly to take down the offending extensions flagged by Kaya, and removed others uncovered in its own investigation.

A Google spokesperson reported to Kaya and the Duo team:

We appreciate the work of the research community, and when we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses. We do regular sweeps to find extensions using similar techniques, code, and behaviors, and take down those extensions if they violate our policies.

How can you protect yourself from extension attacks?

There’s not much you need to do to protect yourself from this particular attack: the offending extensions have been removed from the Chrome Web Store.

If you had any of these extensions installed, you’ll find that they no longer open immediately when you try to launch them. Instead, you’ll see a popup notifying you that the extension has been disabled and marked as malicious. You’ll have the option of reactivating the extension — after all, Google can’t uninstall things from your desktop.

That said, be aware that reactivating the extension will expose you to malicious advertising, phishing pages, and/or malware. 

If you suspect that you’ve been exposed to malware from these extensions or other sites, Google has provided a detailed explanation of how to remove unwanted ads, pop-ups, malware, and programs.

The best advice is to only install extensions that come from reputable sources. You can also go a step further to verify the safety of your extensions by installing the Chrome Extension Source Viewer add-on.

Duo has compiled a full list of the extensions that were removed.

The best Chrome extensions for marketers

On the other hand, there are tons of content marketing tools that are insanely useful, free, and completely safe. If you’re looking to expand your extension horizons, here are some of my favorites:

You’ll find these and many more tools in the Google Chrome Web Store.

Just remember to keep cybersecurity in mind when downloading your next new extension. 

Published on February 25, 2020