msgbartop
All about Google Chrome & Google Chrome OS
msgbarbottom

28 Mar 12 Google’s Chrome Web store used to spread malware


Crooks have found a new venue to push malware: the official Google Chrome Web Store. It was recently used to hawk Chrome browser extensions secretly hijacking users’ Facebook profiles.

According to Kaspersky Lab expert Fabio Assolini, one malicious extension hosted on Google’s own servers contained hidden code that “can gain complete control” of the user’s Facebook profile. The extension then used that access to spread malicious messages and register Facebook Likes for certain items, also inviting fellow users to install it. The same operators advertised a service that delivered Likes of companies looking to promote their profiles. It costs about $27 per 1,000 Likes.

The company distributing this malicious extension was unnamed in the report as was the specific app. Assolini said Google personnel removed the malicious extension shortly after Kaspersky reported it to them. “But we noted the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game,” he warned. He didn’t elaborate on the number of extensions or how long he’s been observing them other than to say the malicious app Kaspersky discovered had 932 users.

Over the past few years, the openness of Google’s Android Market has represented one of the more conspicuous ways its users are attacked. As the software equivalent of a Wikipedia-like bazaar to which anyone may contribute, it has repeatedly been seeded with applications that take liberties with end users’ phones and data. Kaspersky’s report suggests similar attacks are exploiting Google’s Chrome Web Store.

“It is against the Chrome Web Store Content Policies to distribute malware,” a Google spokesman wrote in an email. “When we detect items containing malware or learn of them through reports, we remove them from the Chrome Web Store and from active Chrome instances. We’ve already removed several of these extensions, and we are improving our automated systems to help detect them even faster.”

Last month, Google unveiled a cloud-based service called Bouncer that scours the Android Market for malicious smartphone apps.

Article source: http://arstechnica.com/business/news/2012/03/googles-chome-web-store-used-to-spread-malware.ars?clicked=related_right

Tags: , , ,

26 Mar 12 Facebook scammers host Trojan horse extensions on Chrome Web Store


IDG News Service - Cybercriminals are uploading malicious Chrome browser extensions to the official Chrome Web Store and use them to hijack Facebook accounts, according to security researchers from Kaspersky Lab.

The rogue extensions are advertised on Facebook by scammers and claim to allow changing the color of profile pages, tracking profile visitors or even removing social media viruses, said Kaspersky Lab expert Fabio Assolini in a blog post on Friday.

Assolini has recently observed an increase in the number of Facebook scams that use malicious Chrome extensions and originate in Brazil.

Once installed in the browser, these extensions give attackers complete control over the victim’s Facebook account and can be used to spam their friends or to Like pages without authorization.

In one case, a rogue extension masqueraded as Adobe Flash Player and was hosted on the official Chrome Web Store, Assolini said. By the time it was identified, it had already been installed by 923 users.

“We reported this malicious extension to Google and they removed it quickly,” Assolini said. “But we noted the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game.”

Uploading multiple rogue extensions on the Chrome Web Store and running several Facebook spam campaigns to advertise them allows attackers to quickly compromise thousands of accounts.

The accounts are then used to earn scammers money by Liking particular pages. The people behind these campaigns sell packages of 1, 10, 50 or 100 thousand Likes to companies who wish to gain visibility on Facebook.

The use of Trojan horse browser extensions to hijack accounts is not new, nor is the method specific to Google Chrome. However, it has several advantages over other techniques. For one, users are more likely to trust an extension distributed from the official Chrome Web Store for Chrome, or Mozilla’s add-on repository for Firefox, than a clickjacking or phishing page. Few users are aware that browser extensions can intercept everything they do through the browser.

Security compromises based on rogue browser extensions are also more persistent than those based on password theft or other methods, because these extensions can piggyback on active sessions to perform unauthorized actions even if the account owners change their passwords or enable two-factor authentication.

“Think twice before installing a Google Chrome extension,” Assolini said.

Article source: http://www.computerworld.com/s/article/9225536/Facebook_scammers_host_Trojan_horse_extensions_on_Chrome_Web_Store

Tags: , , ,

26 Mar 12 Facebook Scammers Host Trojan Horse Extensions on the Chrome Web Store


Cybercriminals are uploading malicious Chrome browser extensions to the official Chrome Web Store and use them to hijack Facebook accounts, according to security researchers from Kaspersky Lab.

The rogue extensions are advertised on Facebook by scammers and claim to allow changing the color of profile pages, tracking profile visitors or even removing social media viruses, said Kaspersky Lab expert Fabio Assolini in a blog post on Friday.

Assolini has recently observed an increase in the number of Facebook scams that use malicious Chrome extensions and originate in Brazil.

Once installed in the browser, these extensions give attackers complete control over the victim’s Facebook account and can be used to spam their friends or to Like pages without authorization.

In one case, a rogue extension masqueraded as Adobe Flash Player and was hosted on the official Chrome Web Store, Assolini said. By the time it was identified, it had already been installed by 923 users.

“We reported this malicious extension to Google and they removed it quickly,” Assolini said. “But we noted the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game.”

Uploading multiple rogue extensions on the Chrome Web Store and running several Facebook spam campaigns to advertise them allows attackers to quickly compromise thousands of accounts.

The accounts are then used to earn scammers money by Liking particular pages. The people behind these campaigns sell packages of 1, 10, 50 or 100 thousand Likes to companies who wish to gain visibility on Facebook.

The use of Trojan horse browser extensions to hijack accounts is not new, nor is the method specific to Google Chrome. However, it has several advantages over other techniques. For one, users are more likely to trust an extension distributed from the official Chrome Web Store for Chrome, or Mozilla’s add-on repository for Firefox, than a clickjacking or phishing page. Few users are aware that browser extensions can intercept everything they do through the browser.

Security compromises based on rogue browser extensions are also more persistent than those based on password theft or other methods, because these extensions can piggyback on active sessions to perform unauthorized actions even if the account owners change their passwords or enable two-factor authentication.

“Think twice before installing a Google Chrome extension,” Assolini said.

Article source: http://www.pcworld.com/article/252533/facebook_scammers_host_trojan_horse_extensions_on_the_chrome_web_store.html

Tags: , , ,