Shulou(Shulou.com)11/24 Report--

Thanks to CTOnews.com netizen Coje_He for the clue delivery! CTOnews.com, July 6 (Xinhua)-- cyber security company Kaspersky revealed more than 30 malicious Chrome hot plug-ins in the latest blog post on its official blog. The plug-ins have been downloaded about 8700 times, with the most popular one being downloaded more than 9 million times, it said.

The reason for this at Tu Yuan Pexels is that Vladimir Palant, a cyber security researcher at Kaspersky, found a plug-in called "PDF Toolbox" in the Chrome online store. At first glance, it is a simple PDF toolkit that can be used to convert Office documents to PDF, or to perform some simple editing operations on PDF files. The plug-in has been downloaded nearly 2 million times and has a score of 4.2.

However, Vladimir Palant found that the plug-in automatically visits a serasearchtop site and can load arbitrary code on all pages viewed by the user. He then conducted a more thorough "carpet search" of the Chrome online store and found a total of 34 malicious plug-ins, of which the most popular plug-in was Youtube automatic Jump (Autoskip for Youtube), which has been downloaded more than 9 million times.

Most of the plug-ins were uploaded to the Chrome store between 2021 and 2022, and some of the plug-ins' comments section has seen more vigilant users complaining that the plug-in "replaces the address in the search results with adware links." Of course, these complaints went unnoticed by the administrator of the Chrome store.

Fortunately, Google officially removed these malicious plug-ins after Palant's research report and another team of experts' papers on the same topic were published.

Kaspersky said that malicious plug-ins in browsers may do the following:

Track all user activities in order to collect and sell information about them

Steal bank card details and account vouchers

Embed advertisements in a web page

Replace links in search results

Replace the browser's home page with advertising links

The malicious features of a plug-in can evolve over time to meet the different goals of developers

The developers of plug-ins may also change, and do not rule out the possibility that malicious functions will be added after the change of ownership of plug-ins.

CTOnews.com comes with a complete list of malicious plug-ins, so you should be careful when downloading browser plug-ins.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.