June 7, 2023

Palant has uncovered 34 malicious browser extensions that were cleverly disguised as essential utilities like ad blockers and browser themes and have been causing havoc on an estimated 87 million users globally.

Rather than collecting personal information, these extensions penetrated customers’ computers with malware, causing disruption. Some customers saw incomplete extension development, while others had their search results rerouted to unknown and potentially dangerous websites.

The extensive list of identified malicious extensions includes Autoskip for YouTube, Soundboost, Crystal Ad block, Brisk VPN, Clipboard Helper, and Maxi Refresher. Other deceptive extensions included Quick Translation, Easyview Reader view, PDF toolbox, Epsilon Ad blocker, Craft Cursors, Alfablocker ad blocker, Zoom Plus, Base Image Downloader, Clickish fun cursors, Cursor – A custom cursor, Amazing Dark Mode, Maximum Color Changer for YouTube, Awesome Auto Refresh, Venus Adblock, Adblock Dragon, Readl Reader mode, Volume Frenzy, Image download center, Font Customizer, Easy Undo Closed Tabs, Screence screen recorder, OneCleaner, Repeat button, Leap Video Downloader, Tap Image Downloader, Qspeed Video Speed Controller, HyperVolume, and Light picture-in-picture.

Palant discovered that specific extensions had been marketed via search page redirecting since 2021. According to Palant, Google swiftly deleted all 34 identified extensions from the Chrome Web Store by June 3.

Further examination found unusual behaviour relating to the number of extensions installed. It appears that the download counts were modified to make them appear more popular. The paucity of user evaluations on the Chrome Web Store for these extensions, as well as the disparity between reported threat encounters and official install counts, raises questions about the data’s veracity.

The sources for this piece include an article in TheSun.