Malicious Browser Extensions Discovered by Kaspersky Lab and Yandex
Kaspersky Lab and Yandex have detected malicious code in browser extensions. The attackers are believed to have been able to gain access to users' social network accounts and to use them to inflate video views on various websites. According to experts from Kaspersky Lab and Yandex, the malicious code possibly affected well over 20 browser extensions, such as Frigate CDN, SaveFrom and Frigate Mild.
Using such extensions, attackers could gain access to a user’s VKontakte account without the account owner noticing. These accounts could later be used to inflate video views on various websites. The extensions were capable of receiving tasks from their server, and they produced fake views and fake site visits by playing videos in hidden tabs. The code was designed to run only when the browser was in active use, which would trigger the in-built detection shield.
Because the extensions played videos in hidden tabs to generate views, users began to complain about advertisement sounds playing in the background even though no video was playing on screen. That is where the investigation began. The extensions were disabled in Yandex Browser right after the hidden flow of traffic was detected and the complaints came in at the same time.
The investigation results were shared with the developers of the most popular browsers and social networks. The head of Yandex’s Anti-Fraud and Internet Security Department said that the traffic produced by the extensions is considerably harder to detect because it blends in with real users’ actions. He also stated that, since browser extensions remain very popular, common and easily accessible, the total number of installations could be in the hundreds of millions.
Specialists and experts at Kaspersky Lab also said that around a million users may become victims of this program. Besides inflating views, the code in the malicious browser extensions also lets the attackers gain access to accounts on social networks, which they could use later for the same purpose or a different one, such as gaining likes.