Hackers and cybercriminals are hard workers and don't even stop at Christmas, forcing cybersecurity companies to work overtime. Cyber threat detection tools started bombarding users (and the companies that developed them) with security warnings. What happened? Kaspersky Lab explains.
Starting on the morning of 24 December, while we were all preparing to spend one of the strangest and most online Christmas days ever, the Russian company's antivirus intercepted millions of calls to a server attempting to download dangerous code. As a result, a flood of reports was sent to users and also to the parent company, where experts began to investigate what was happening. In a short time they found out: about twenty Chrome/Edge extensions had suddenly been activated around the world and started connecting to that server. All together, for no apparent reason.
Which infected extensions to remove
Kaspersky reported all the malicious extensions to Google, but chose to reveal the names of only three of them to the public. The most famous: Frigate Light, Frigate CDN and SaveFrom. The latter in particular is widespread, because it allows those who install it to download videos from streaming platforms such as YouTube and Vimeo, but also from Facebook, Twitter and many other sites.
In total, the more than 20 infected extensions were downloaded more than 8 million times. Because they all went live together, there was a boom in reports from the threat detection tool, which allowed the source of the problem to be identified very quickly.
Why extensions are dangerous
All the extensions were found to be infected by a member of the Trojan.Multi.Preqw.gen family of malware. In this specific case, it is aimed at generating bogus traffic to certain videos in order to defraud advertising networks.
Users see nothing, because the player runs in the background, but their computer and Internet connection are slowed down by the anomalous traffic generated by the malware. The hackers' cunning lay in launching this campaign at Christmas, when many more users are at home with their computers on.
In this way they could generate many more fake views and, at the same time, users would think that the slowdown in the connection was due to the high holiday traffic.
What to do if you use these extensions
It is likely that the developers of these extensions are not even aware of what their software is doing right now: it is not uncommon for hackers to take extensions developed by someone else and infect them for their own purposes.
In the meantime, though, what do users need to do? Those who have a good antivirus will most likely have already been warned that something is wrong and, just as likely, the extension will have been disabled automatically. Those who use these extensions but have no protection would do well to uninstall them, not least because it cannot be ruled out that they will be used in the future to download and execute much more dangerous code.
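One way to check a Chrome or Edge profile for the three names published above, as an added example that is not from Kaspersky or the original article. It assumes the usual Chromium on-disk layout `Extensions/<id>/<version>/manifest.json` with the profile's `Extensions` directory passed as an argument; the IDs and the names "SaveFrom helper" and "Some Ad Blocker" in `demo()` are constructed, and a name match is only a prompt to review the extension.

```python
import json
import sys
import tempfile
from pathlib import Path

FLAGGED_NAMES = ("frigate light", "frigate cdn", "savefrom")  # the three names the article publishes

def display_name(version_dir):
    """Return the extension's name, resolving a __MSG_key__ placeholder via _locales."""
    manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()  # message keys are matched case-insensitively
        path = version_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
        for k, v in messages.items():
            if k.lower() == key and isinstance(v, dict):
                return v.get("message", name)
    return name

def find_flagged(extensions_dir):
    """Return sorted (extension_id, version, name) tuples whose name matches a flagged name."""
    hits = []
    for manifest_path in Path(extensions_dir).glob("*/*/manifest.json"):
        vdir = manifest_path.parent
        try:
            name = display_name(vdir)
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed extension directory
        if any(flag in name.lower() for flag in FLAGGED_NAMES):
            hits.append((vdir.parent.name, vdir.name, name))
    return sorted(hits)

def demo():
    """Scan a constructed Extensions tree; the 32-letter IDs are made up."""
    samples = {"a" * 32: ({"name": "Frigate Light"}, {}),
               "b" * 32: ({"name": "__MSG_extName__", "default_locale": "en"},
                          {"extname": {"message": "SaveFrom helper"}}),
               "c" * 32: ({"name": "Some Ad Blocker"}, {})}
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, (manifest, messages) in samples.items():
            locale_dir = Path(tmp) / ext_id / "1.0_0" / "_locales" / "en"
            locale_dir.mkdir(parents=True)
            (locale_dir.parents[1] / "manifest.json").write_text(json.dumps(manifest))
            (locale_dir / "messages.json").write_text(json.dumps(messages))
        return find_flagged(tmp)

if __name__ == "__main__":
    print(find_flagged(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

Run without arguments it scans the constructed tree; given the path to a profile's `Extensions` directory it lists any installed extension whose name contains one of the three published names.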
Christmas gift from hackers: 3 Chrome extensions to remove