Malware Spreads Through Google Chrome Web Store

By | Apr 6, 2012

Most workers--sometimes even members of the IT staff--download extensions from places like the Google Chrome Web Store or the Mozilla website without a thought. People expect these websites to be safe and assume that each add-on is checked for malicious code. But while the latter is often the case, the scanners aren't foolproof.

According to a post on Securelist from Fabio Assolini, security researcher at Kaspersky Lab, Brazilian hackers capitalized on the popularity of Facebook to distribute a malicious extension to unsuspecting users. The worst part is that the extension is hosted on Chrome Web Store's own servers. The malware was given the innocuous name "Adobe Flash Player." At the time of discovery, the extension had 923 users.

The malware gives the hackers total control over a victim's Facebook profile. The app downloads a script that tells the account to distribute spam messages encouraging other users to install the malicious extension. But that's not all. The app also instructs the victim's profile to "Like" certain pages. Why? Because the hackers are selling "Likes" to businesses looking to promote their Facebook pages.

Google has since removed the extension, but nothing is stopping the hackers from uploading apps just like it to the Google Chrome Web Store. "We noted the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game," wrote Assolini.

Businesses are bound to face similar problems with the Android Market, now known as Google Play. Although Google has since implemented Bouncer, a scanner that checks for malware signatures, the service is struggling with the same issues as the Chrome Web Store.

Employees should be made aware that even secure-looking websites can still prove dangerous. Unfortunately, it's a difficult concept to get across--most users don't expect tech giants like Google to be vulnerable to cyber criminals.

However, even IT professionals use mobile and browser apps; these programs often add useful features and functions to a platform, enabling users to complete tasks more quickly or efficiently. But extensions that aren't malicious can nonetheless contain security holes that hackers can exploit.

Organizations can protect themselves from these kinds of threats by following basic security measures. Midsized businesses should limit themselves to as few mobile and browser add-ons as possible, and new apps should come from trusted developers. Workers shouldn't be allowed to install new add-ons without permission. Companies with bring-your-own-device (BYOD) policies should also implement mobile device management (MDM) software to prevent employees from downloading or using unauthorized software. These programs can allow an administrator to block access to Google Play altogether as well as whitelist and blacklist apps.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.
