Malicious Gaming Extensions: A Child’s Play to Infection
(Apr 2, 2018)
A video game-themed campaign of malicious web browser extensions is infecting users with advertising malware (adware), according to Malwarebytes researchers. The extensions purport to offer assistance in various video games, and individual extensions have been downloaded over one million times, over 150,000 times, and over 100,000 times, among others. Adware can be harmful because it can slow down a machine and lead users to potentially malicious locations; in addition, this campaign’s extensions request overly intrusive permissions upon download. The malicious extensions were found primarily in Chrome, but others were found in Firefox and Safari as well. The names of the extensions, listed in order from most to least installs, are: Search Web, ArcadeFrontier Ads, GamesChill Ads, PlayZiz Advertisements, Gamerscan Ad, ArcadeGala Advertising Offers, and VideoGameHub Advertising.
Recommendation: While web browser extensions can be useful in day-to-day business activities, it is possible, as this story describes, for malicious extensions to make their way into legitimate services. Your company should only use browser extensions and add-ons provided by trusted providers and maintain policies on what types of extensions are allowed on work machines. Furthermore, this campaign appears to be targeted at children, given the games these extensions claim to add content for. Thus, it is important that your company has policies in place that do not allow these types of extensions on work machines.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.