Malicious code has been discovered in 34 Chrome extensions available on the Google Chrome Web Store, which have accumulated over 87 million installs.
Spotted by security blogger and researcher Wladimir Palant (via Popular Science), the malicious code was first found in a Chrome extension named PDF Toolbox in late May. Now, a further 17 browser extensions have been found using the same code, all with similar types of extension utilities.
The PDF Toolbox offers features such as converting documents, merging two PDF files and downloading “opened PDFs” in opened tabs. However, downloading PDFs from non-active tabs means the extension has access to web pages that are currently open. The malicious code allows a website named “serasearchtop.com” to inject obfuscated malicious JavaScript code into visited websites.
Palant reports that the “extension also requests access to detailed browser tabs information and downloads,” even though it doesn’t use this information for its functions.
While the intent behind the malicious code isn’t clear, it can allow the extension to capture activity in a browser and redirect users to dodgy, fake websites – which can lead the developer to earn a profit through ads. An updated article shows that a Brisk VPN Chrome extension had reviews stating it was malicious, and other extensions, such as Image Download Center, were redirecting users to Bing Search (a common sign of browser hijacking).
The security researcher reported the malicious Chrome extensions to Google, and many have now been taken down from the Chrome Web Store. However, some are still active. Below is a list of the most popular browser extensions and their status as of writing.
| Chrome Extension Name | No. of Users (weekly) | Status |
| Autoskip for Youtube | 9,008,298 | Removed |
| Soundboost | 6,925,522 | Available |
| Crystal Ad block | 6,869,278 | Removed |
| Brisk VPN | 5,595,420 | Removed |
| Clipboard Helper | 3,499,233 | Removed |
| Maxi Refresher | 3,483,639 | Removed |
| Quick Translation | 2,797,773 | Removed |
| Easyview Reader view | 2,786,137 | Removed |
| PDF toolbox | 2,782,790 | Removed |
| Epsilon Ad blocker | 2,571,050 | Removed |
| Alfablocker ad blocker | 2,430,636 | Available |
| Amazing Dark Mode | 2,228,049 | Available |
Palant tested around 1,600 Chrome extensions on the Web Store, meaning there may be more using the same malicious code. If you recognise any of these browser extensions or experience any strange behaviour, such as redirecting web pages, remove them immediately. You can find a complete list of extensions and their status here.
How to remove malware on Chrome
First and foremost, the best way to detect, prevent and remove any malware on Chrome is by using one of the best antivirus software. These can detect malware hiding anywhere on your device (browsers included) and remove them with ease. That said, you’ll also want to reset your browser and remove any suspicious programs lingering around.
For more information of malware on Chrome, we’ve got you covered.
Use antivirus software to remove malware
The best antivirus software will detect and remove malicious programs and software affecting your device – including browser hijackers. Simply installing an antivirus and performing a system scan should be able to detect the source of the issue and get rid of it. What’s more, you don’t need to pay for all the security tools an antivirus service offers, as free antivirus software from providers such as Bitdefender, Avast One or AVG offers the same detection and removal features.
Install the antivirus and perform a quick or full scan if you see any suspicious behaviour on Chrome.
- Norton 360 Platinum review: Security multiplied
- Bitdefender review: All-in-one premium security
- Avast One review: Strong antivirus for free!
Remove the Chrome extension
- On Google Chrome, click on the puzzle “Extension” icon on the located next to the address bar.
- Select Manage extensions.
- Find the Chrome extension you wish to remove, then click Remove.
- A small pop-up will appear. Click Remove again.
Perform a safety check
Previously, the Clean up computer option would see if Chrome can find any unsafe software affecting your browser or device. This tool has now been removed, but you can perform a safety check and turn on Enhanced protection instead.
- On Google Chrome, click on the three vertical dots in the upper-right corner and select Settings.
- Select Privacy and security in the right-hand toolbar.
- Under Safety check, click Check now (or the arrow to perform it again).
If Chrome finds any issues, you’ll be able to tap on the option and follow the instructions to see how to handle the it. For those who don’t want to give malware hiding on web pages any chances, you can also turn on Advanced protection.
- In Privacy and security, click on Safe Browsing under Safety Check (or Security under Privacy and security).
- Select Enhanced protection to turn it on.
Turning on enhanced protection does what it says on the tin. Google states it offers “faster, proactive protection against dangerous websites, downloads and extensions,” along with warning users about password breaches. It’s important to note that enhanced protection requires browsing data to be sent to Google.
The default standard protection also protects against these, but it won’t send URLs to Google’s Safe Browsing tool to check them or send samples of pages, downloads and extension activity to help Chrome discover new threats.
Reset your default browser settings
Malware on Chrome will alter your browser’s settings right under your nose. Since it can be difficult to find out all the specific changes made, you’ll want to reset your browser’s settings.
Find out how to reset settings in Google Chrome below:
- On Google Chrome, click on the three vertical dots in the upper-right corner and select Settings.
- Select Reset setting in the right-hand toolbar.
- Click Restore settings to their original defaults and then select Reset settings.
This will reset settings and shortcuts, disable extensions, and delete cookies and temporary site data. This is a good way to undo what the sneaky malware on Chrome may have changed.
Remove suspicious programs
Malware can sneak onto your device as programs disguised as harmless services. If antivirus software doesn’t detect these malicious programs, you can remove them yourself by heading into your computer’s Control Panel.
- Use the search tool along the taskbar and type Control Panel on your Windows PC. Click on it.
- In the window that pops up, select Uninstall a program under Programs.
