Cybersecurity experts have identified a significant threat within Google Chrome. It turns out that some browser extensions, which appear to be useful, are actually hijacking user accounts. These extensions mimic popular HR and business platforms like Workday, NetSuite, and SAP SuccessFactors. After installation, they can quietly steal login information while disabling security measures meant to protect users.
Many individuals who downloaded these extensions didn’t realize anything was amiss.
Beware of Malicious Chrome Extensions
The Threat Research team at Socket has found five malicious extensions linked to this issue. Marketed as tools for productivity and security, their true purpose is to compromise accounts. The extensions are:
- Cloud access with data
- Tool access 11
- data by cloud 1
- data by cloud 2
- software access
When contacted, a Google representative said these extensions had been removed from the Chrome Web Store. However, they might still be available on third-party sites, posing ongoing risks. It’s advisable to uninstall any of these extensions from your browser immediately.
Why These Extensions Seem Trustworthy
These malicious add-ons are cleverly crafted to look authentic. They often feature professional branding, appealing dashboards, and business-oriented descriptions. Some claim to enhance access to workplace tools or limit user behavior for account security. For someone juggling day-to-day responsibilities, these perks might appear helpful, rather than suspicious.
The Real Impact of These Extensions
Once activated, these extensions operate stealthily in the background. They can hijack session cookies, which tell a site that a user is already logged in. With access to these cookies, attackers don’t even need passwords to log in. Additionally, some of these extensions block access to important security pages, preventing users from changing passwords or reviewing their login activity. In some cases, they let criminals use hijacked sessions in another browser, giving them immediate access as if they were the account owner.
The Dangers Behind Malicious Extensions
This kind of attack goes beyond mere credential theft. It restricts the victim’s ability to respond to the situation. Security teams might notice unusual activity, but standard countermeasures won’t be effective. Attempts to change passwords could fail, account configurations might disappear, and two-factor authentication measures can become inaccessible. Consequently, attackers might retain control over user accounts for prolonged periods.
How to Check Your Extensions
If you’re a Google Chrome user, it’s prudent to check your extensions. The process takes just a few minutes:
- Open Google Chrome
- Click the three-dot menu in the upper right corner
- Select Extensions, then click on Manage extensions
- Review the list of extensions
Be on the lookout for unfamiliar names, particularly those claiming to provide access to HR platforms or business applications.
Removing Suspicious Extensions
If you identify any of these extensions, remove them right away:
- Open Manage extensions in Chrome
- Locate the suspicious extension
- Click Remove
- Confirm when prompted
After removal, restart your browser to ensure that the extension is fully disabled. If Chrome sync is on, repeat these steps on any synced devices before reactivating sync.
Steps to Take After Removal
Uninstalling the extension is just the start. Change the password for any accounts you accessed while the extension was installed. If possible, use a different browser or device for this. A password manager can help you create strong, unique passwords, reducing the chance of reused passwords slipping into the wrong hands again.
It’s wise to check if your email has been exposed in a previous data breach. A solid password manager often has a breach scanner to see if your email or password appears in any known leaks. If a match is found, changing those reused passwords and securing the affected accounts with new credentials is crucial.
How to Stay Safe Moving Forward
Implementing simple habits can significantly lessen your risks.
1) Limit Browser Extensions
Only install the extensions you really need. Every extension you leave out is one less thing that can be turned against you.
2) Be Cautious with Add-Ons
Steer clear of extensions promising premium features or special access for enterprise platforms. Established businesses seldom need a browser add-on to provide access to accounts.
3) Scrutinize Permissions
Be wary of extensions that ask for access to cookies, browsing data, or other account controls. These permissions can potentially be misused.
4) Regularly Review Extensions
Every few months, check your browser and remove any extensions you don’t recognize or use.
5) Use Reliable Antivirus Software
Good antivirus software can detect malicious extensions, block suspicious actions, and alert you to any threats before damage occurs.
6) Look into Data Deletion Services
If your information has been compromised, a data deletion service might help reduce your digital footprint by removing your details from data broker sites.
7) Avoid Third-Party Download Sites
Don’t reinstall extensions from third-party sites, even if they seem to offer similar functionality. Those sites often carry outdated or hazardous versions.
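Tips 3 and 4 can also be carried out outside the browser UI by reading each installed extension's manifest.json. The script below is an added example, not code from Socket or the original article, that flags the permissions tied to the behaviour described here; the RISKY list, the function names and the sample manifest are this example's own choices.

```python
import json
from pathlib import Path

# Chrome permissions that map to the behaviour described in this article
# (selection is this example's own, not an official list).
RISKY = {
    "cookies": "can read session cookies for sites it has host access to",
    "declarativeNetRequest": "can block or redirect page loads",
    "webRequest": "can observe network requests",
    "management": "can list or disable other extensions",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return sorted findings for one parsed manifest.json (MV2 or MV3)."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # MV3 lists hosts separately; MV2 mixes host patterns into "permissions".
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in perms if "/" in p or p == "<all_urls>"}
    findings = [f"{p}: {RISKY[p]}" for p in perms if p in RISKY]
    findings += [f"{h}: access to every site" for h in hosts & BROAD_HOSTS]
    return sorted(findings)

def audit_profile(extensions_dir):
    """Walk <profile>/Extensions/<id>/<version>/manifest.json.

    Returns {extension id: (name, findings)} for extensions with findings.
    """
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, keep auditing
        findings = audit_manifest(manifest)
        if findings:
            report[path.parent.parent.name] = (manifest.get("name", "?"), findings)
    return report

# Constructed sample manifest (not taken from any real extension).
SAMPLE = {
    "manifest_version": 3,
    "name": "Example HR Helper",
    "permissions": ["cookies", "storage", "declarativeNetRequest"],
    "host_permissions": ["<all_urls>"],
}

if __name__ == "__main__":
    for line in audit_manifest(SAMPLE):
        print("FLAG", line)
```

To run it against a real profile, pass `audit_profile` the Extensions folder inside the "Profile Path" shown on chrome://version. A flagged permission is a reason to look closer, not proof of malice, since many legitimate extensions request the same access.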
This situation highlights how browser extensions can be easily misused. The fake Chrome add-ons didn’t employ obvious tactics; they blended in, appeared professional, and operated quietly in the background. The good news? You don’t have to be a tech whiz to protect yourself. A few minutes spent reviewing your extensions, uninstalling any that seem off, and securing your account can make a meaningful difference. Regularly practicing small habits can significantly mitigate your risk. Remember, convenience should never come at the cost of security. Keeping your browser tidy and your accounts secure puts you back in control.
