This post was originally published on this site is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to

A security researcher has claimed that a cumulative half a million Chrome users have been hit by four malicious browser extensions pushing click and SEO fraud.

Icebrg’s Justin Warner and Mario De Tore spotted the extensions while investigating a spike in outbound traffic from a workstation in a customer’s network. The company claims the four extensions had more than 500,000 downloads in all.

The extensions were Change HTTP Request Header (a legitimate capability is to hide browser type from trackers) and three apparently related to it: Nyoogle – Custom Logo for Google, Lite Bookmarks, and Stickies – Chrome’s Post-it Notes.

Change HTTP Request Header didn’t contain malicious code, the post stated. Rather, it downloaded “a JSON blob from ‘change-request[.]info’”, and that blob pushed a configuration update, after which obfuscated JavaScript was fetched from the control domain.

“Once injected, the malicious JavaScript establishes a WebSocket tunnel with ‘change-request[.]info’. The extension then utilises this WebSocket to proxy browsing traffic via the victim’s browser”, the post said, and that was how the click-fraud was launched.

A possible second use of the proxy would be to browse a company’s internal network, for information that could be sent back to the control domain.

The three related extensions used similar techniques to inject unsafe JavaScript, Icebrg’s analysts believe. The “Stickies” app went one step further, trying “to obfuscate its ability to retrieve external JavaScript for injection by modifying its included jQuery library”.

Google has removed the extensions from the Chrome Store. ®

Sponsored: Minds Mastering Machines – Call for papers now open

At L Technology Group, we know technology alone will not protect us from the risks associated with in cyberspace. Hackers, Nation States like Russia and China along with “Bob” in HR opening that email, are all real threats to your organization. Defending against these threats requires a new strategy that incorporates not only technology, but also intelligent personnel who, eats and breaths cybersecurity. Together with proven processes and techniques combines for an advanced next-generation security solution. Since 2008 L Technology Group has develop people, processes and technology to combat the ever changing threat landscape that businesses face day to day.

Call Toll Free (855) 999-6425 for a FREE Consultation from L Technology Group,