Security researchers have uncovered malware hidden in four different extensions for Google's Chrome browser. Collectively, the four extensions have been downloaded and installed more than half a million times, including onto workstations within major organizations globally. While the extensions were likely used for click fraud and search engine optimization (SEO), the number of installs could provide cyber criminals with a potent botnet.
"While revenues are not known, a similar botnet uncovered in 2013 yielded $6 million per month before it was taken down," security researchers at Icebrg, a computer security firm based in Seattle, Washington, stated in a report outlining the technical details of the malware.
The researchers discovered the malware while investigating an "unusual" uptick in outbound traffic from a customer workstation to a European VPS provider. Analysis of the traffic led them to a Chrome extension called HTTP Request, which was sending outbound traffic to websites with advertising attached.
Further investigation led Icebrg to discover similar malware residing in three other Chrome extensions: Stickies, Lite Bookmarks, and Nyoogle. That led the researchers to believe the extensions were being used to commit click fraud to generate revenue from web ads.
"The total installed user base of the aforementioned malicious Chrome extensions provides a substantial pool of resources to draw upon for fraudulent purposes and financial gain. The high yield from these techniques will only continue to motivate criminals to continue exploring creative ways to create similar botnets," Icebrg added.
As always, do your research before downloading a browser extension (regardless of which browser you are using) and only download extensions from trusted sources.
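One way to check a workstation for the extensions named above, as an added example that is not from the article or from Icebrg's report: a Python audit that walks a Chrome profile's `Extensions` directory, resolves each extension's display name, and flags matches. The sample profile, its placeholder IDs and the function names are constructed for illustration, and matching by name is an assumption of this example because the article gives no extension IDs.

```python
import json
import tempfile
from pathlib import Path

# Names reported in the article. A match is a lead to review, not proof:
# unrelated extensions can share a name.
REPORTED_NAMES = {"http request", "stickies", "lite bookmarks", "nyoogle"}

def display_name(version_dir, manifest):
    """Return the manifest name, resolving a __MSG_key__ locale placeholder."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        path = version_dir / "_locales" / locale / "messages.json"
        try:
            messages = json.loads(path.read_text(encoding="utf-8-sig")).items()
        except (OSError, ValueError, AttributeError):
            return name  # leave the placeholder visible if it cannot be resolved
        for key, entry in messages:
            if key.lower() == name[6:-2].lower() and isinstance(entry, dict):
                return str(entry.get("message", name))
    return name

def audit_extensions(extensions_dir):
    """Return (extension_id, version, name, flagged) per installed extension."""
    rows = []
    # Layout on disk: Extensions/<extension id>/<version>/manifest.json
    for manifest_path in sorted(extensions_dir.glob("*/*/manifest.json")):
        version_dir = manifest_path.parent
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            name = display_name(version_dir, manifest)
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest
        flagged = name.strip().lower() in REPORTED_NAMES
        rows.append((version_dir.parent.name, version_dir.name, name, flagged))
    return rows

def build_sample_profile(root):
    """Constructed sample data: two made-up extensions with placeholder IDs."""
    ext = root / "Extensions"
    a, b = ext / "placeholder-id-a" / "1.0_0", ext / "placeholder-id-b" / "2.3_0"
    a.mkdir(parents=True)
    (b / "_locales" / "en").mkdir(parents=True)
    (a / "manifest.json").write_text(json.dumps({"name": "Example Notes"}))
    (b / "manifest.json").write_text(json.dumps({"name": "__MSG_appName__", "default_locale": "en"}))
    (b / "_locales/en/messages.json").write_text(json.dumps({"appName": {"message": "Nyoogle"}}))
    return ext

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_extensions(build_sample_profile(Path(tmp))))
```

To run it against a real profile, pass the profile's `Extensions` directory to `audit_extensions` and review each flagged row by hand before removing anything.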