
Rogue Extensions That Hijack Chrome & Firefox near Impossible to Remove.

Summary: TEHRAN (FNA)- As discovered by Malwarebytes researcher Pieter Arntz, a new pair of extensions plaguing Google's Chrome and Mozilla's Firefox can hijack the browsers in order to push technical support scams at you and potentially even spy on your browsing activities.

Called "Tiempo en colombia en vivo" on the Chrome Web Store, the rogue extension can be installed on a machine when the user visits certain sites; trying to leave a malicious site results in an infinite loop of dialog boxes cautioning the user that they can't leave the page until they install the extension. If they still try to leave and choose the option to "Prevent this page from creating additional dialogs," the tab will go into full screen mode and offer the 'Add extension' dialog popup that shows up when installing a Chrome extension.

If the user ends up installing the extension, it hijacks their browser searches and redirects them to certain pages or YouTube videos in order to increase their views.

Interestingly, the extension is designed to also make its removal a difficult procedure; the first measure taken to ensure this is to redirect users from the 'chrome://extensions/' page where they could manage and delete the extension to 'chrome://apps/?r=extensions', which simply lists the various Chrome apps and extensions that they have installed.

With the normal path to deleting an extension now unavailable, most casual users will likely not be able to remove the extension. In his efforts, Arntz even tried more advanced methods such as disabling JavaScript, starting Chrome with all extensions disabled, and renaming the file path for where extensions are saved, but to no avail.

The only means of successfully removing the extension at this point is, per Arntz, to install Malwarebytes and let the anti-malware program do it for you. Alternatively, you may also try to manually browse to the extension's folder and rename '1499654451774.js', which is the JavaScript file the extension relies on. You can then restart Chrome and will be able to access the browser's extension settings as normal, with the offending extension shown as being corrupted - and unable to work its nefarious magic as it can't find the files it's looking for. You can then proceed to delete it as you normally would.

A similar extension for Firefox was also found by the researcher, which is propagated by ad-rotators showing it as a 'manual update for Firefox' and tricking users into installing it. This, too, has a similar feature aimed at making its removal more difficult: it closes any tab that contains the 'about:addons' string - the page you'd use to manage and delete extensions in Firefox.

However, thankfully, removing the extension in Firefox is much easier than in Chrome, as you only need to start the browser in Safe Mode by pressing down the Shift key when starting it. This will allow Firefox to run with all extensions disabled, and you can then remove the extension as you normally would.
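To find which installed extension carries this behaviour before renaming its script, the extension folders can be searched for the two management-page strings mentioned above. The following Python script is an added example, not part of the original article or of Malwarebytes' tooling; it assumes Chrome's on-disk layout of `Extensions/<extension id>/<version>/` and that the strings appear unobfuscated in the extension's scripts, and its function names and sample data are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Strings the article ties to the anti-removal behaviour.
MARKERS = ("chrome://extensions", "about:addons")

def scan_extensions(root):
    """Report scripts under <root>/<extension id>/<version>/ that mention a marker."""
    findings = []
    for manifest in sorted(Path(root).glob("*/*/manifest.json")):
        ext_dir = manifest.parent
        try:
            name = json.loads(manifest.read_text(encoding="utf-8-sig")).get("name", "?")
        except (OSError, ValueError, AttributeError):
            name = "<unreadable manifest>"
        for script in sorted(ext_dir.rglob("*.js")):
            try:
                text = script.read_text(encoding="utf-8", errors="replace")
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            hits = [m for m in MARKERS if m in text]
            if hits:
                findings.append({"id": ext_dir.parent.name, "name": name,
                                 "script": str(script.relative_to(ext_dir)),
                                 "markers": hits})
    return findings

def build_sample(root):
    """Constructed, inert sample tree: one benign extension, one mentioning the page."""
    samples = {
        "aaaaconstructedbenign/1.0_0": "console.log('weather widget');",
        "bbbbconstructedrogue/1.0_0": "var watched = 'chrome://extensions/';\n"
                                      "var sendTo = 'chrome://apps/?r=extensions';",
    }
    for rel, js in samples.items():
        d = Path(root) / rel
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": rel.split("/")[0]}), encoding="utf-8")
        (d / "background.js").write_text(js, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in scan_extensions(tmp):
            print(finding)
```

A match is a lead for manual review rather than a verdict, since legitimate extensions can also reference these pages; pass your own profile's `Extensions` directory to `scan_extensions` with the browser closed.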

Even though the extension was reported by Arntz to Google privately more than three weeks ago, it was only removed from the Chrome Web Store this Wednesday. You may still be affected by it, however, as Chrome allows sideloading extensions when developer mode is on, so adding the extension from a nefarious site would still allow it to be installed on your PC. Google also removed four malicious extensions that had affected as many as 500,000 users earlier this week.

© 2017 Fars News Agency. All rights reserved. Provided by SyndiGate Media Inc.
COPYRIGHT 2018 SyndiGate Media Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2018 Gale, Cengage Learning. All rights reserved.

Article Details
Publication: FARS News Agency
Date: Jan 21, 2018