Beware: Popular Chrome extension becomes malicious after change of ownership

Cybersecurity researchers have discovered a case where some extensions for the Google Chrome browser became malicious after a change in ownership of the project. After transferring control of the extension, the new owners sent users updates that actually contained malicious functionality.

Attackers exploited users' pre-existing trust. Because the extensions were previously considered legitimate, many users automatically installed new updates without noticing any changes in their behavior.

After the update, extensions began injecting additional code into web pages. This technique allows performing various actions on the user's browser, including manipulating web page content or extracting sensitive data.

The researchers also found that the malicious code was often downloaded from remote servers. This means that the extension itself did not necessarily contain the obvious malicious code, as it was only dynamically downloaded during use. This approach makes it difficult to detect the threat during normal security scans.

The case highlights a broader problem in the browser extension ecosystem. When ownership of a popular extension changes, new developers can take advantage of the existing user base and spread malware via official updates.

Security experts therefore recommend caution when installing extensions. In addition, it is necessary to regularly check their permissions, developers, and changes after updates.