Alert – The Chrome Extension “The Great Suspender” Contains Malware!

On 4 February 2021 Google force-disabled The Great Suspender, one of Chrome’s most popular extensions with millions of users, and removed it from the Chrome Web Store because it contained malware.

The extension came under scrutiny because its newer versions execute arbitrary code fetched from a remote server, track users online and take part in advertising fraud. Experts noted that the previous owner had sold the extension to another party, who could then misuse it and exploit its user base through tracking, advertising fraud and more.

The Great Suspender had around 2.5 million users before it was blocked from the Chrome Web Store. Its suspicious behaviour had already been noticed by November, when Microsoft blocked the extension in the Edge browser. Because the extension replaces each suspended tab with a blank grey placeholder page until the user returns to the tab and reloads it, disabling the extension left those tabs stranded on the placeholder.

Experts’ Views!


According to security researchers, the original developer of The Great Suspender sold it to an unknown entity in June 2020; after the sale, two new versions, v7.1.8 and v7.1.9, were released to the Chrome Web Store. Users can recover their suspended tabs with a workaround, and can install v7.1.6, the last version published before the sale, from GitHub as an alternative by enabling Chrome’s Developer mode.

Bojan Zdrnja, who discovered a novel method by which threat actors abuse the Google Chrome sync feature to bypass firewalls and connect to attacker-controlled servers for data exfiltration, said that anyone turning on Developer mode should remember that it can have other consequences too. He also added that there are some limitations on the size of the data and the number of requests, which is still perfectly adequate for C&C commands or for exfiltrating confidential information.

Conclusion

The advisory was prompted by a malicious add-on that masqueraded as the Forcepoint Endpoint Chrome Extension for Windows and was loaded directly into the browser once Developer mode had been enabled.

The experts also noted that the attack requires the attacker to already have access to the target system, where the extension is loaded by hand, so it is not something Google can resolve on its side.
