CERT-In Advises Deleting Malicious Google Chrome Extensions Immediately

  • By Elite CIO
  • Date Jun 28, 2020

Google has recently removed 106 malicious Google Chrome extensions that were identified as a threat to user privacy after being caught collecting sensitive user data. Cyber security firm Awake Security had identified 111 such Chrome extensions and alerted Google; of these 111 extensions, Google took down 106.

In order to alert internet users about this, the Indian Computer Emergency Response Team (CERT-In) has issued an advisory. “These extensions reportedly posed as tools to improve web searches, convert files between different formats, as security scanners, and more. It has also been found that these extensions contained code to bypass Google's Chrome Web Store security scans. They had the ability to take screenshots, read the clipboard, harvest authentication cookies or grab user keystrokes to read passwords and other confidential information,” said CERT-In in its advisory.

Recommendations -

CERT-In further recommended that people delete these Google Chrome extensions immediately. Uninstall extensions with the IDs given in the IOCs section. Users can visit the chrome://extensions page, enable Developer Mode, check whether they have installed any of the malicious extensions, and remove them from their browsers. Users of the Google Chrome browser are advised to exercise caution while installing browser extensions. Install only extensions which are absolutely needed, and refer to user reviews before installing extensions. Uninstall extensions which are not in use. Do not install extensions from unverified sources.
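The ID check described above can also be run against Chrome's profile folders on disk, which helps when many machines or profiles have to be reviewed. The following Python script is an added example, not part of the CERT-In advisory: it assumes Chrome's standard layout (`<user data dir>/<profile>/Extensions/<extension id>/<version>/manifest.json`) and that the advisory's IOC IDs have been saved one per line to a file; the function names are hypothetical.

```python
import json
import re
import sys
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"[a-p]{32}")

def load_iocs(text):
    """Parse an IOC list, one extension ID per line; skip blanks and malformed lines."""
    ids = (line.strip().lower() for line in text.splitlines())
    return {i for i in ids if EXT_ID.fullmatch(i)}

def installed_extensions(user_data_dir):
    """Yield (profile, ext_id, name, version_dir) for each extension in every profile."""
    roots = (p for p in Path(user_data_dir).glob("*/Extensions") if p.is_dir())
    for ext_root in sorted(roots):
        for ext_dir in sorted(ext_root.iterdir()):
            if not EXT_ID.fullmatch(ext_dir.name):
                continue
            for manifest in sorted(ext_dir.glob("*/manifest.json")):
                try:
                    meta = json.loads(manifest.read_text(encoding="utf-8-sig"))
                    name = str(meta.get("name", "?"))  # may be a __MSG_...__ locale key
                except (OSError, ValueError, AttributeError):
                    name = "?"  # unreadable manifest: still report the ID
                yield ext_root.parent.name, ext_dir.name, name, manifest.parent.name

def find_flagged(user_data_dir, iocs):
    """Return installed extensions whose ID appears in the IOC set."""
    return [e for e in installed_extensions(user_data_dir) if e[1] in iocs]

if __name__ == "__main__":
    # Usage: python check_extensions.py <chrome-user-data-dir> <ioc-file>
    # Typical user data dirs: ~/.config/google-chrome (Linux),
    # ~/Library/Application Support/Google/Chrome (macOS),
    # %LOCALAPPDATA%\Google\Chrome\User Data (Windows).
    data_dir, ioc_file = sys.argv[1], sys.argv[2]
    hits = find_flagged(data_dir, load_iocs(Path(ioc_file).read_text()))
    for profile, ext_id, name, version in hits:
        print(f"FLAGGED profile={profile} id={ext_id} name={name} version={version}")
    sys.exit(1 if hits else 0)
```

Extensions loaded unpacked from another folder are not stored under `Extensions`, so the chrome://extensions page remains the complete view for a single browser.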

IOCs (Extension IDs) -

CERT-In recently issued an advisory warning citizens about a new email fraud. As per the advisory, scammers are trying to blackmail users and force them to pay money by threatening to leak their personal photos and sensitive information. As per the CERT-In advisory, although the listed passwords shown as evidence may be actual passwords that you used in the past, the attacker did not learn them by hacking your account but rather from data-breach leaks shared online.