YouTube player

Three malicious Chrome extensions, disguised as VPNs, infected approximately 1.5 million users, functioning as browser hijackers, cashback hack tools, and data stealers.

Discovered by ReasonLabs, the extensions (netPlus, netSave, and netWin) were distributed through an installer hidden in pirated copies of popular video games like Grand Theft Auto and Assassins Creed, and are downloaded from torrent sites. The extensions were automatically installed at the registry level, targeting users primarily in Russia, Ukraine, Kazakhstan, and Belarus. The fake VPNs not only stole sensitive user data but also disabled competing cashback and coupon extensions, redirecting profits to attackers. ReasonLabs notified Google, leading to the removal of the malicious extensions from the Chrome Web Store. The incident underscores the security risks associated with browser extensions, urging users to regularly check installed extensions and stay vigilant against potential threats.

This segment was created for the It’s 5:05 podcast