Kaspersky found 34 malicious Chrome extensions with 87 million download

by do son · July 6, 2023

Kaspersky Lab’s security engineers uncovered a dubious extension named PDF Toolbox, an addition that has been downloaded over two million times from the Chrome Web Store, boasting a rating of 4.2. This extension primarily facilitates conversions of PDF-class documents, such as transposing Office documents into PDF format. Judging by its evaluations, the extension seems to be of commendable quality, the reviews of which do not appear to be fabricated.

Nevertheless, upon inspection, Kaspersky detected suspect code within PDF Toolbox. The plugin accessed the domain serasearchtop[.]com to load resources, thereby being capable of executing code on any website visited by the user.

After trace analysis, Kaspersky discovered 34 analogous extensions on the Chrome Web Store. While these extensions offer specific functionalities, they have been submitted by different developers, all of them, however, connect to the same server. This pattern suggests that a nefarious cyber operation is hiding behind the scenes, using various developer accounts to avoid detection.

These extensions, with download counts exceeding 87 million times, were eradicated from the Chrome Web Store by Google following Kaspersky’s report. Users are advised to examine their Chromium-based browsers for the installation of these malicious extensions.

The malicious extension list is as follows