Three harmful extensions for the Google Chrome browser, named netPlus, netSave, and netWin, have been discovered by experts from Reason Labs. These malicious add-ons were silently installed along with pirated versions of popular games such as “Grand Theft Auto” and “Assassins Creed.” To achieve their goal, attackers used a trick involving adding a registry key to the Windows system.
Money Back Theft
The installed browser extensions disabled money back features and replaced affiliate links. In this way, during online purchases, the refunded funds were transferred to the criminals’ account. Additionally, these extensions impersonated VPN service users.
The full list of functionalities of these extensions is still unknown, but it is quite extensive as the script code contains over 20,000 lines, making it difficult to analyze precisely.
Are Russians the Only Ones?
The attack had a wide reach, affecting even 1.5 million people. NetPlus was the most popular extension, installed by over two-thirds of users. Researchers also discovered about a thousand active sources of torrents that distributed infected game installers.
Although the main target of the attack was Russia, Ukraine, and Kazakhstan, based on Russian-language descriptions, it can be inferred that anyone, regardless of their country, could become a victim of these harmful extensions.
What to Do If You Download from Torrents?
After receiving the report, the malicious software was removed from the Chrome Web Store. Nevertheless, there is a risk that the extensions are still installed in the browser. To check if your browser is free from these harmful add-ons, it is worth checking the list of installed extensions by typing chrome://extensions/ in the address bar.
Photo Source: Shutterstock
Text Source: Press materials, own compilation
FAQ
What were the names of the harmful extensions for Google Chrome?
The harmful extensions were named netPlus, netSave, and netWin.
Did these extensions install along with pirated game versions?
Yes, the extensions were silently installed along with pirated versions of popular games.
Did the extensions function as VPN clients?
Yes, the malicious add-ons impersonated VPN service users.
How to check if my browser is infected with these extensions?
You can check by opening the list of installed extensions by typing chrome://extensions/ in the address bar of the Google Chrome browser.
Definitions
VPN
A Virtual Private Network (VPN) is a technology that creates a secure, encrypted internet connection between your device and a remote server. Through this connection, your data is protected from eavesdropping and various types of attacks.
The source of the article is from the blog queerfeed.com.br