Two new malicious extensions have been discovered that affect the Google Chrome browser. One of the newly discovered malicious extensions is dubbed as the Tiempo en Colombia en vivo extension, which translates to Weather in Colombia Live. This malware was discovered by the researchers from the security firm Malwarebytes after it was detected by the company’s anti-malware software. The security issue was classified by Malwarebytes as Rogue.ForcedExtension and it seems that the key purpose of this malware is to increase the number of views on certain YouTube videos, although researchers also noted that the extension could also hijack searches.
Malwarebytes noted that the Tiempo en Colombia en vivo extension takes advantage of the forced install trick, which it described back in 2016. Websites that take advantage of the method show a dialog box that tells users that they have to install the extension before they could leave the site. In order to prevent users from removing the rogue extension, Tiempo en Colombia en vivo automatically redirects the traffic from the Chrome Extension page to the Chrome Apps page. In a statement, Google claims that it had removed the malicious extension from the machines of affected individuals. However, just in case the extension is still installed on the browser, Malwarebytes is advising its users to scan their computers using its antimalware software, which can be downloaded for free from the website of the security form.
Another malicious extension that has been discovered recently is the Play Red Bull version 4, and it has affected more than 27,000 users. This malicious extension was available in the Chrome Web Store as a game, and it obtained a rating of four stars, Despite the high rating, a number of users have raised concerns about the extension. A user posted on the extension’s page that the software has taken over their YouTube and Gmail. Another user mentioned that the Adobe flash player has been blocked by the extension, while another person noted that the game suffered from glitches. The malicious software has also been removed from the machines of affected users, Google noted in its statement. This is not the first time that a malicious Chrome extension has been discovered. In November last year, it was discovered that a Chrome extension was stealing social media authentication tokens, which could allow attackers to take over a social media account. Google employs an automated screening process to check for malicious extensions, although it seems that there are pieces of malware that successfully evaded Google’s screening process.
