Google burns down more than 500 private-data-stealing, ad-defrauding Chrome extensions installed by 1.7m netizens
The Register
Google has removed more than 500 Chrome extensions in response to a report from a security researcher, who found the browser plugins distributed through the Chrome Web Store facilitated ad fraud and data theft.
Using a free extension forensic analysis tool called CRXcavator, released last year by Cisco's Duo Security, independent infosec bod Jamila Kaya spotted a set of similarly coded Chrome extensions "that infected users and exfiltrated data through malvertising while attempting to evade fraud detection on the Google Chrome Web Store," said Kaya, and Jacob Rickerd, a security engineer at Duo, in a blog post this week.
...