Chrome 경고 : 이 500 개의 확장 프로그램을 활성화하지 마십시오

ment 2/15 '20 posted 뉴스 IT

• 보안 연구자가 사용자의 브라우징 세션에 악성 광고를 삽입하는 악성 코드 작업을 공개한 후 Google은 Web 스토어에서 500 개 이상의 악성 Chrome 확장 기능을 삭제했습니다.

• ZDNet과 보고서를 공유한 Cisco의 Duo Security 팀은 특정 조건에서 활성화되어 탐색하는 동안 사용자를 리디렉션하는 악성 코드를 발견했습니다.

• Duo는 170 만 명의 사용자가 Kaya가 식별 한 초기 확장을 설치했다고 생각합니다.

• 대상은 Dell 또는 BestBuy와 같은 소매 사이트의 제휴사 링크에서 멀웨어 다운로드 또는 피싱 페이지까지 다양합니다.

Heed This Google Chrome Warning: Do NOT Activate Any Of These 500 Extensions [www.forbes.com]

Live Caption, one of the best features from the Pixel 4, might be coming to Google Chrome [www.androidpolice.com]

Google Kicks Out 500 Dodgy Extensions From Chrome Store [www.digitaltrends.com]

Google just removed more than 500 malicious Chrome extensions [www.tomsguide.com]

500 Chrome extensions secretly uploaded private data from millions of users [arstechnica.com]

500 Chrome Extensions Secretly Uploaded Private Data From Millions of Users [yro.slashdot.org]

Security researchers partner with Chrome to take down browser extension fraud network affecting millions of users. [duo.com]

Extensive Fraud Network Found Using Malicious Chrome Extensions [duo.com]

Google removes 500+ malicious Chrome extensions from the Web Store [www.zdnet.com]

500+ Google Chrome Extensions Stealing Your Data for Years [securityboulevard.com]

Over 500 Malicious Extensions Pulled from Chrome Web Store [www.iphoneincanada.ca]

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users [thehackernews.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

2/15 '20 answered

Everyone understands just how much information browser extensions have access to, right? https://t.co/4Omcv6BOdS
— Troy Hunt (@troyhunt) February 14, 2020

Here you thought that Chrome was the safest best browser ever?

500 Chrome extensions secretly uploaded private data from millions of users. #ThanksGoogle /shttps://t.co/aKHlZEugKX
— Wolverine 2020 ? (@WolverineResist) February 14, 2020

Treat browser extensions with the same scrutiny (or more) that you would treat apps you install, they are just as dangerous and can be more dangerous with permissions you grant them (e.g. viewing web sites you visit and web site content)https://t.co/oCfQFDN2X6
— Brian Krupp (@briankrupp) February 14, 2020

500 Chrome extensions secretly uploaded private data from millions of users https://t.co/lDXoDN5Pfa
— Chris Heilmann (@codepo8) February 14, 2020

500 Chrome extensions secretly uploaded private data from millions of users | Ars Technica

Extensions were part of a long-running ad-fraud and malvertising network. https://t.co/Z55RPyG1ry
— PrivacyDigest (@PrivacyDigest) February 14, 2020

500 Chrome extensions secretly uploaded private data from millions of users | Ars Technica https://t.co/Rb8Exywj5s #Cybersecurity #cybercrime #cyberattacks #hacker #hack #breach #phishing #dos #ransomware #malware #virus #apt #pii #nist #fcc #finra #hipaa #pci pic.twitter.com/IFdcPtMSzZ
— Rich Tehrani at @ITEXPO, Feb 11-14, FL (@rtehrani) February 14, 2020

The Duo report is now live. It includes all the IOCs for the removed extensions.

If you run an enterprise network, make sure to remove these extensions from your Chrome fleethttps://t.co/E7wjLchvvI pic.twitter.com/5QtL8SLOe8
— Catalin Cimpanu (@campuscodi) February 13, 2020

Discoveries facilitated by our research? We ❤️to see it. Learn how Independent Security Researcher @bumblebreaches & CRXcavator creator/Duo Infosec Engineer @crxpert collaborated to uncover & remove a large-scale campaign of malvertising Chrome extensions: https://t.co/klqM4Hh7Lp pic.twitter.com/qibqb2aTla
— Duo Security (@duosec) February 13, 2020

Google removes 500+ malicious Chrome extensions from the Web Store

> Extensions redirected users to malicious sites (phishing, malware downloads), sometimes affiliate links
> Took two months to track down the entire network
> Operators active for 2 yearshttps://t.co/HSnTS6J7k8 pic.twitter.com/0JaAPbaIpF
— Catalin Cimpanu (@campuscodi) February 13, 2020

Google doesn't care about you - https://t.co/RfJzu92T6u
— Chris Brogan (@chrisbrogan) February 14, 2020

Awesome write-up by @bumblebreaches and @crxpert. They identified, analyzed, and collaborated with our team in taking down a big extensions malware campaign. (I do confess that section "07. A Brighter Future Ahead" is my favorite part of their report.) https://t.co/zXZqGqUYiH
— Justin Schuh ? (@justinschuh) February 13, 2020

Thanks for the collab @crxpert and @duo_labs! Check out some research we worked on to highlight a recent malicious architecture of chrome web store extensions and the rise of malvertising.https://t.co/zlN6VThekq
— BumbleBreaches (@bumblebreaches) February 13, 2020

#Google removes 500+ #malicious #Chrome #extensions from the #WebStore https://t.co/ltjHJhz3mw #dataprotection #databreach #cyberattack #malware pic.twitter.com/yw5WIbzyN5
— Shaun Wiggins (@shaunwiggins) February 14, 2020

The destination links ranged from affiliate links to malware download sites or phishing pages -> Google has removed 500+ malicious Chrome extensions from its Web Store, likely affecting millions of users, that were part of a long-running ad fraud network https://t.co/1gztYKXema pic.twitter.com/MiIIkC7pi4
— Glenn Gabe (@glenngabe) February 14, 2020

#Google removes 500+ malicious #Chrome #browser #extensions from its store.#data #dataprotection #datasecurity #CyberSecurity #fintech #cybersec #InfoSec #infosecurity #privacy #dataprivacy #hackers #Malware #cybercrime #cyberattack #webdev #chromebook https://t.co/ERBUMzUjZu pic.twitter.com/2tHIDOq5Tt
— H.P. (@DataDrivenHenry) February 14, 2020

구글이 크롬 웹 스토어에서 무단으로 광고를 주입하는 악성 확장프로그램 500개 이상을 퇴출시켰다고... https://t.co/570QrhKIHV
— H. Kim (@metavital) February 14, 2020

Google removes 500+ malicious Chrome extensions from the Web Store.

I’m sure all defrauded publishers were handsomely refunded. https://t.co/vgwZTpMaMR
— Carl Hendy (@carlhendy) February 14, 2020

Google removes 500+ malicious Chrome extensions from the Web Store https://t.co/4j5zVt9l5c
— The Cyber Security Hub (@TheCyberSecHub) February 13, 2020

Google removes 500+ malicious Chrome extensions from the Web Store.

A network of malicious Chrome extensions was injecting malicious ads in millions of Chrome installs.

Check this out from @ZDNet to learn more. https://t.co/svZueDwRoc #tech #cybersecurity #itsecurity pic.twitter.com/3LOU7ofqgN
— Sentricor (@sentricor) February 13, 2020

Google removes 500+ malicious Chrome extensions from the Web Store https://t.co/pNs37qS5B3 by @campuscodi
— ZDNet (@ZDNet) February 13, 2020

We love browser extensions. But some of them don’t respect us in the morning: https://t.co/WldyY5peYp
— @Richi Jennings (@RiCHi) February 14, 2020

Watch Out!

500+ Chrome browser extensions caught stealing private data of over 1.7 million users

Read details ➤ https://t.co/6XvjkxmUnT #Google has now removed them from its official Web Store, but if you still have any of them installed, remove immediately.#cybersecurity
— Anonymous??️ ? (@YourAnonRiots) February 14, 2020

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users
https://t.co/C45OyNkh3z #proprietarysoftware is very often malicious. Secrecy enables malice and mischief.
— Dr. Roy Schestowitz (罗伊) (@schestowitz) February 14, 2020

Watch Out! 500+ Chrome browser extensions caught stealing private data of over 1.7 million users

Read details ➤ https://t.co/3eLdralN6m #Google has now removed them from its official Web Store, but if you still have any of them installed, remove immediately.#cybersecurity
— Swati Khandelwal (@Swati_THN) February 14, 2020

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users https://t.co/EgEYdlE0Nz #CyberSecurity pic.twitter.com/EOUh9d96Wk
— Angelo G Longo (@aglongo) February 14, 2020

Watch Out!

500+ Chrome browser extensions caught stealing private data of over 1.7 million users

Read details ➤ https://t.co/9GiIYPFs5e #Google has now removed them from its official Web Store, but if you still have any of them installed, remove immediately.#cybersecurity
— Mohit Kumar (@unix_root) February 14, 2020

500のChrome拡張機能が170万人のユーザーの個人データを盗むhttps://t.co/bUyRA7Qk2E
Googleは、悪意のある広告を挿入し、ユーザーの閲覧データを攻撃者の制御下にあるサーバーに吸い上げたことが判明したため、Webストアから500件の悪意のあるChrome拡張機能を削除しました。
— ITニュース新報 (@prad3ekt) February 14, 2020

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users#Hackers #CyberWar #Cybercrime #DeepWeb #DarkWeb #Virus #BlackHat #WhiteHat #Pentester #Spam #Ransomware #SpyData #Scam #DDoS #BotHunter #Sniffer #zeroday https://t.co/iQtytqrYpp
— SpyData (@spydata_) February 14, 2020

permanent link

Open Wiki - Feel free to edit it. -

2/15 '20 answered

500 Chrome #browser extensions out of #playstore - they secretly upload private browsing data to #C2 servers and redirecting #victims to infected #sites: https://t.co/EX4cB7Iy8B #CyberSecurity, #ITSecurity, #ITInfrastructure, #Leadership, #Google, #C2, #DataPrivacy, #Awareness
— Dulen K (@dulenkp) February 15, 2020

500 Chrome extensions secretly uploaded private data from millions of users https://t.co/h5hE8PVF4h pic.twitter.com/XHSrteSfZq
— #AI (@AI__TECH) February 14, 2020

500 Chrome extensions secretly uploaded private data from millions of usershttps://t.co/qIOb6y2qqm
— WhatIsMyIPAddress.com (@wimia) February 15, 2020

500 Chrome extensions secretly uploaded private data from millions of usershttps://t.co/sa0qq4aaPD
— Livid ??‍♀️ (@Livid2point0) February 15, 2020

Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers. The extensions were a part of a malvertising and ad-fraud campaign.https://t.co/QpR9lMz22g
— Norton (@Norton) February 14, 2020

500 Chrome extensions secretly uploaded private data from millions of users ? Extensions were part of a long-running ad-fraud and malvertising network. Ars Technica https://t.co/OevgvTWIfm
— ReconSecureComputing (@SecRecon) February 14, 2020

구글 크롬 웹스토어에서 500개 이상의 악성 크롬 확장 프로그램 제거, 악성 광고 삽입, 제휴 링크로 변경, 피싱 등

Security researchers partner with Chrome to take down browser extension fraud network affecting millions of users. | Duo Security https://t.co/eUpePV5mo2
— lunamoth (@lunamoth) February 14, 2020

?CRXCavator - Google #Chrome Extensions Checker:
?[TOOL]: https://t.co/Gc8QdQzdHY by @duosec, @crxpert, @Bumblebreaches ?
?[BLOG]: https://t.co/WbVuWP1glW #blueteam #threathunting #ThreatIntel #crx pic.twitter.com/ah4fuBqBzD
— Ring3API (@rimpq) February 14, 2020

Security researchers just found a huge cache of malicious Chrome extensions, infecting millions of browsers. So Google swiped left on all of them: https://t.co/WldyY5peYp
— @Richi Jennings (@RiCHi) February 14, 2020

Roses are red, violets are blue. In today’s #SBBlogwatch at @SecurityBlvd, we’re concerned about you: https://t.co/WldyY5peYp
— @Richi Jennings (@RiCHi) February 14, 2020

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users https://t.co/PKRCAzs6LL via @TheHackersNews #cybersecurity #Cybersecurite #infosec #datasecurity #browser #computersecurity #informationsecurity #googlechrome #Chrome #hacking #app
— Htop Skills (@HtopSkills) February 14, 2020

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users #hacking https://t.co/NM1WmldUQI
— Claudia Martín (@CLAVDIAmartin) February 14, 2020

Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers. Read on: https://t.co/F70N4Yv0lt via @thehackernews #security #infosec #cybersecurity #chrome pic.twitter.com/ts4KA0KyzA
— BlackHOST (@_blackhost) February 15, 2020

500 Malicious Chrome Extensions Impact Millions of Users#cybersecurity #informationtechnology #networksecurity #informationsecurity #hacking #securitynews #chrome #vaultinfosec #wevowyoursecurity #malware #vulnerability #websecurity #cyberattacks #threats https://t.co/fqGD8aSeGt
— Vault Infosec (@vaultinfosec) February 15, 2020

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users https://t.co/2tWW322g5R
— Harjit Dhaliwal [MVP] (@Hoorge) February 15, 2020

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Usershttps://t.co/3T6AF1ztfg #hackers #cybersec #cyberattack #infosec #data #breach #cybercrime #cyberrisk #privacy #GDPR #dataprotection #hacking #malware #programming #pentest e #Chrome pic.twitter.com/bytswwq1vx
— Bob Nicolson (@NicolsonBray) February 14, 2020

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users https://t.co/lLuKawCoPK #hackers #Malware #cybersecurity #privacy #databreach
— Tanya_CyberInvestiga8 (@CyberInvestiga8) February 14, 2020

permanent link

Featured

Important Notice: Discontinuation of Our Wiki Service

Dear Valued Users,

We hope this message finds you well. We are writing to inform you of an important upcoming change to our services. After careful consideration and analysis, we have made the difficult decision to discontinue our wiki site, effective one month from 2024/04/30.

This was not an easy decision to make, as we understand the importance of the resources and community that have been built around our wiki. However, due to evolving market conditions and strategic realignments, we must redirect our resources and efforts towards other ventures that will allow us to serve you better in the future.

What This Means for You:

Access to Content: You will continue to have full access to all content on the wiki until the discontinuation date. We encourage you to save or migrate any content you wish to retain.
Final Date of Service: The wiki will become inaccessible starting 1st June 2024, after which all content will be permanently removed.

We are immensely grateful for the support and contributions of our user community throughout the years. The wiki is being retired, but our team will be back soon with new services and apps.

Thank you for being a part of our journey.

Warm regards,

editoy Inc.

Related

Featured