Did You Come Across the Rogue Google Extension iCalc?


The security firm Malwarebytes has discovered a rogue Google extension called iCalc which was tricking users through a malvertising campaign. It grants invasive permissions and let the app spy on user activity. It guises itself as a calculator and over 1,000 downloads have been made before it was removed from the official web store.

Jérôme Segura, senior security researcher at Malwarebytes said, “One of the main points of entry is via rogue browser extensions which are increasingly becoming a problem and are being leveraged in various types of attacks including data theft, spying, pop-up ads and more,”

“Even though the surface of attack is smaller than that of a typical Windows PC, online crooks will always find a way to abuse the system.”

This extension has shown so many red flags of being malicious, including a lack of screenshots or reviews on the download store and requiring an extremely invasive set of permissions.

Surprisingly it hasn’t even had the advertised calculator. Instead, it granted the extension the ability to “read and change” all data on websites visited by the user. Analysis also revealed that it included a set of malicious scripts to create a proxy and perform website interception requests.

It has been observed by  Malwarebytes that after the extension was removed from Google store, a different variant of the Chrome extension was forced by the same malvertising campaign but this time redirecting unwitting users to a social networking website.

“Chrome extensions are very much like Android apps as they require certain permissions (access to your contacts, microphone and camera) and unfortunately more often than not they require more rights than they ought to have… Additionally, a lot of people don’t really understand what those mean and will install these extensions and forget about them,” said Segura.

“Often their motivation is to harvest your browsing habits and resell them to marketing companies to target you with ads,” he added.

It has also been observed that Cyber criminals often use malvertising to exploit flaws in popular software such as Adobe Flash.

Beware of what you put in your phone.

Source: Akati

Comments are closed.