It has been reported that Google has removed 106 extension of the Google
Chrome browser from the Chrome Web Store which were found collecting
sensitive user data. These extensions reportedly posed as tools to improve
web searches, convert files between different formats, as security
scanners, and more.
It has also been found that these extensions contained code to bypass
Google's Chrome Web Store security scans. They had the ability to take
screenshots, read the clipboard, harvest authentication cookies or grab
user keystrokes to read passwords and other confidential information.
Recommendations
· Uninstall extensions with IDs given in the IOCs section. Users
can visit the chrome://extensions page, then enable Developer Mode and see
if they installed any of the malicious extensions and remove them from
their browsers.
· Users of Google Chrome browser are advised to exercise caution
while installing browser extensions.
· Install only extensions which are absolutely needed and refer
User reviews before installing extensions.
· Uninstall extensions which are not in use.
· Do not install extensions from unverified sources.
References
https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/
https://awakesecurity.com/white-papers/the-internets-new-arms-dealers-malicious-domain-registrars/
https://arstechnica.com/information-technology/2020/06/chrome-extensions-with-33-million-downloads-slurped-sensitive-user-data/
IOCs (Extension IDs)
acmnokigkgihogfbeooklgemindnbine
apgohnlmnmkblgfplgnlmkjcpocgfomp
apjnadhmhgdobcdanndaphcpmnjbnfng
bahkljhhdeciiaodlkppoonappfnheoi
bannaglhmenocdjcmlkhkcciioaepfpj
bgffinjklipdhacmidehoncomokcmjh
bifdhahddjbdbjmiekcnmeiffabcfjgh
bjpknhldlbknoidifkjnnkpginjgkgnm
blngdeeenccpfjbkolalandfmiinhkak
ccdfhjebekpopcelcfkpgagbehppkadi
cceejgojinihpakmciijfdgafhpchigo
cebjhmljaodmgmcaecenghhikkjdfabo
chbpnonhcgdbcpicacolalkgjlcjkbbd
cifafogcmckphmnbeipgkpfbjphmajbc
clopbiaijcfolfmjebjinippgmdkkppj
cpgoblgcfemdmaolmfhpoifikehgbjbf
dcmjopnlojhkngkmagminjbiahokmfig
deiiiklocnibjflinkfmefpofgcfhdga
dipecofobdcjnpffbkmfkdbfmjfjfgmn
dopkmmcoegcjggfanajnindneifffpck
dopmojabcdlfbnppmjeaajclohofnbol
edcepmkpdojmciieeijebkodahjfliif
ekbecnhekcpbfgdchfjcfmnocdfpcanj
elflophcopcglipligoibfejllmndhmp
eogfeijdemimhpfhlpjoifeckijeejkc
fcobokliblbalmjmahdebcdalglnieii
fgafnjobnempajahhgebbbpkpegcdlbf
fgcomdacecoimaejookmlcfogngmfmli
fgmeppijnhhafacemgoocgelcflipnfd
fhanjgcjamaagccdkanegeefdpdkeban
flfkimeelfnpapcgmobfgfifhackkend
fmahbaepkpdimfcjpopjklankbbhdobk
foebfmkeamadbhjcdglihfijdaohomlm
fpngnlpmkfkhodklbljnncdcmkiopide
gdifegeihkihjbkkgdijkcpkjekoicbl
gfcmbgjehfhemioddkpcipehdfnjmief
gfdefkjpjdbiiclhimebabkmclmiiegk
ggijmaajgdkdijomfipnpdfijcnodpip
ghgjhnkjohlnmngbniijbkidigifekaa
gllihgnfnbpdmnppfjdlkciijkddfohn
gmmohhcojdhgbjjahhpkfhbapgcfgfne
gofhadkfcffpjdbonbladicjdbkpickk
hapicipmkalhnklammmfdblkngahelln
hijipblimhboccjcnnjnjelcdmceeafa
hmamdkecijcegebmhndhcihjjkndbjgk
hodfejbmfdhcgolcglcojkpfdjjdepji
hpfijbjnmddglpmogpaeofdbehkpball
ianfonfnhjeidghdegbkbbjgliiciiic
ibfjiddieiljjjccjemgnoopkpmpniej
inhdgbalcopmbpjfincjponejamhaeop
iondldgmpaoekbgabgconiajpbkebkin
ipagcbjbgailmjeaojmpiddflpbgjngl
jagbooldjnemiedoagckjomjegkopfno
jdheollkkpfglhohnpgkonecdealeebn
jfefcmidfkpncdkjkkghhmjkafanhiam
jfgkpeobcmjlocjpfgocelimhppdmigj
jghiljaagglmcdeopnjkfhcikjnddhhc
jgjakaebbliafihodjhpkpankimhckdf
jiiinmeiedloeiabcgkdcbbpfelmbaff
jkdngiblfdmfjhiahibnnhcjncehcgab
jkofpdjclecgjcfomkaajhhmmhnninia
kbdbmddhlgckaggdapibpihadohhelao
keceijnpfmmlnebgnkhojinbkopolaom
khhemdcdllgomlbleegjdpbeflgbomcj
kjdcopljcgiekkmjhinmcpioncofoclg
kjgaljeofmfgjfipajjeeflbknekghma
labpefoeghdmpbfijhnnejdmnjccgplc
lameokaalbmnhgapanlloeichlbjloak
lbeekfefglldjjenkaekhnogoplpmfin
lbhddhdfbcdcfbbbmimncbakkjobaedh
ldoiiiffclpggehajofeffljablcodif
lhjdepbplpkgmghgiphdjpnagpmhijbg
ljddilebjpmmomoppeemckhpilhmoaok
ljnfpiodfojmjfbiechgkbkhikfbknjc
lnedcnepmplnjmfdiclhbfhneconamoj
lnlkgfpceclfhomgocnnenmadlhanghf
loigeafmbglngofpkkddgobapkkcaena
lpajppfbbiafpmbeompbinpigbemekcg
majekhlfhmeeplofdolkddbecmgjgplm
mapafdeimlgplbahigmhneiibemhgcnc
mcfeaailfhmpdphgnheboncfiikfkenn
mgkjakldpclhkfadefnoncnjkiaffpkp
mhinpnedhapjlbgnhcifjdkklbeefbpa
mihiainclhehjnklijgpokdpldjmjdap
mmkakbkmcnchdopphcbphjioggaanmim
mopkkgobjofbkkgemcidkndbglkcfhjj
mpifmhgignilkmeckejgamolchmgfdom
nabmpeienmkmicpjckkgihobgleppbkc
nahhmpbckpgdidfnmfkfgiflpjijilce
ncepfbpjhkahgdemgmjmcgbgnfdinnhk
npaklgbiblcbpokaiddpmmbknncnbljb
npdfkclmbnoklkdebjfodpendkepbjek
nplenkhhmalidgamfdejkblbaihndkcm
oalfdomffplbcimjikgaklfamodahpmi
odnakbaioopckimfnkllgijmkikhfhhf
oklejhdbgggnfaggiidiaokelehcfjdp
omgeapkgiddakeoklcapboapbamdgmhp
oonbcpdabjcggcklopgbdagbfnkhbgbe
opahibnipmkjincplepgjiiinbfmppmh
pamchlfnkebmjbfbknoclehcpfclbhpl
pcfapghfanllmbdfiipeiihpkojekckk
pchfjdkempbhcjdifpfphmgdmnmadgce
pdpcpceofkopegffcdnffeenbfdldock
pgahbiaijngfmbbijfgmchcnkipajgha
pidohlmjfgjbafgfleommlolmbjdcpal
pilplloabdedfmialnfchjomjmpjcoej
pklmnoldkkoholegljdkibjjhmegpjep
pknkncdfjlncijifekldbjmeaiakdbof
plmgefkiicjfchonlmnbabfebpnpckkk
pnciakodcdnehobpfcjcnnlcpmjlpkac
ponodoigcmkglddlljanchegmkgkhmgb
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.