These Chrome extensions can hijack computers to mine crypto

[Kargai]

This one is kindy scary since it proove that Google don't really manage his own catalog. And a lot of persons rely on them, believing if the extension is in the official catalog, that mean it's safe. Obviously not since more than 423,000 users are impacted this time.

Security researchers have uncovered 89 malicious Google Chrome extensions on the official Chrome store that can inject ads, code to secretly mine cryptocurrency, and load a tool to record and replay a person's browsing activities.

And those extensions come with a new twist : If it detect that the user is trying to report the extension, it redirect the user to the introduction of their extension and not to the report.

Not enough sneaky ? If you try to remove the extension via the Chrome's extension management page it will show you that it's well deleted ...  when it is actually still lurking on the user's browser.

For now Google removed all the extensions affected by the problem and have disabled them on all the devices who were using them. They claimed that it's a lot of work since they already block around 1.000 problematics add-on evry month.

Source : http://www.ibtimes.co.uk/these-chrome-extensions-can-hijack-computers-mine-cryptocurrency-record-your-every-move-1658543

[barbaris]

I thought when I put the extension that I'm safe. But Google does not check them. Thanks now I'll be more careful with the download extensions.