Chrome Web Store Includes Malicious Extensions
Google Chrome has been experiencing significant issues due to malicious extensions being available in the Chrome Web Store. The users who are downloading the malware-riddled extensions are unaware what they are downloading is malicious. The perception is, if the application is available through the Chrome, Google, or Apple store, it has been properly tested to ensure its security.
Unfortunately, that vetting process is far less rigorous than it should be. These cyber criminals have proven how easy it is to bypass the automated vetting process used by the Chrome Web Store. Hackers are still submitting the extensions and/or apps through the vetting process. However, instead of shipping the program with the malicious software, they are added it to the installation process. Once the malware is installed, depending on the variant, it may steal personal data from the user, passwords, or cryptocurrency.
Google is aware of the workaround hackers are using to put malware in these applications. Although, it remains unclear what they intend to do about it. Most would believe since they know of the weakness, it would be improved upon immediately. Except, according to Tom’s Guide, Google has known since 2015, and has yet to fix the issue. In order to fully resolve the problem, Google would have to significantly increase their vetting budget so they could replace the automated process with actual malware researchers. This will be costly, but far more effective than the automated vetting process the Chrome Web Store is using.