软餐获悉,谷歌最近从 Chrome 网上应用店中删除了 3 款浏览器扩展程序。这些扩展被安装了超过 150 万次。其中两款名为 netSave for Chrome 和 netPlus for Microsoft Edge。它们冒充为合法的 VPN 扩展,并通过流行视频游戏的 torrent 种子分发,涉及的游戏有侠盗猎车手、模拟人生 4、英雄 3 和刺客信条等。当用户在设备上安装时,上述三个恶意扩展就会被自动安装到浏览器中,无需用户交互。这些扩展会执行网购返现相关的攻击,它们会禁用用户的其他返现扩展。这些扩展是俄语的,似乎针对俄语地区用户。建议下载过.torrent 文件的 Chrome 或 Edge 用户检查自己的扩展程序列表。
Google recently removed three browser extensions from the Chrome Web Store. These extensions had been installed over a million times. Two of them were named netSave for Chrome and netPlus for Microsoft Edge. They posed as legitimate VPN extensions and were distributed through torrents of popular video games, including Grand Theft Auto, The Sims 4, Heroes 3, and Assassin’s Creed. When users installed these extensions on their devices, the three malicious extensions would automatically install themselves in the browser without any user interaction. These extensions carried out attacks related to online shopping cashback, disabling other cashback extensions used by the users. These extensions were in the Russian language and appeared to target users in Russian-speaking regions. Chrome or Edge users who have downloaded torrent files are advised to check their list of installed extensions.