According to a report by ICEBRG, over half a million users became the victim by four harmful Chrome extensions that impacted across the world, including workers of major organizations. Such extensions were probably practiced to conduct click scam and/or search engine optimization (SEO) management, but they could have also been costumed by attack to acquire access to commercial networks and manipulator information, the security company informs.
“During the time of observation, the threat actor utilized this capability exclusively for visiting advertising related domains indicating a potential click fraud campaign was ongoing. Click fraud campaigns enable a malicious party to earn revenue by forcing victim systems to visit advertising sites that pay per click (PPC),” ICEBRG reports.
“The inherent trust of third-party Google extensions, and accepted risk of user control over these extensions, allowed an expansive fraud campaign to succeed. In the hands of a sophisticated threat actor, the same tool and technique could have enabled a beachhead into target networks,” ICEBRG notes.
The harmful actor behind them has a significant pool of properties to practice for financial gain and allowing for the total installed victim base of these harmful Chrome extensions. Google, the National Cyber Security Centre of The Netherlands (NCSC-NL), the United States Computer Emergency Readiness Team (US-CERT), and clients who were immediately influenced have been attentive on the issue.