The Chrome Web Store has been found harboring a piece of banking malware in a Chrome extension. This is the second time this has happened in recent times. A number of shady applications have been infecting systems all over the world through the Chrome Web Store, and many of these malicious applications have been able to evade the most commonly used anti-malware applications available.
This latest Trojan discovered on the Chrome Web Store was pretending to be the Interface Online extension. It avoided detection by the 58 most common antivirus applications. It was so difficult to catch that, even though it was removed from the Chrome Web Store a while ago, it was re-uploaded to the platform recently, and another user report was required to flush it out. This malware served as a data gatherer, allowing for further exploitation of the victims. After collecting login information from the victim, the malware transfers the data to a server controlled by the attackers. In targeted attacks, these attackers use a combination of social engineering and phishing to wheedle more information out of the victim, then use this information to steal from the victim.
As pointed out by Ars Technica, this is just a symptom of a common problem affecting the Chrome Web Store. A lot of extensions have been discovered to contain malware, and it is now quite difficult to know which extensions you can trust. Downloading software from vetted sources is a great way to avoid being hit by malware, but it is quite difficult to trust these same vetted sources when things like this happen. The same goes for malware that is ultimately distributed under trusted developer accounts which have been compromised.
It has been recommended that Google should enable two-factor authentication for accounts on the Web Store to limit this problem, and also encourage developers to adopt practices that limit extensions’ access to passwords and other credentials.