Nyoogle, Lite Bookmarks, Stickies, Change HTTP Request Header roguge extensions
The affected rogue extension list includes Change HTTP Request Header, Nyoogle-Custom Logo for Google, Lite Bookmarks and Stickies- Chrome’s Post-it Notes.
The total number of users who were actively using the extension is pegged at more than 500,000 and the ICEBRG security firm has already noted this and informed the National Cyber Security Centre of the Netherlands (NCSC-NL), Google Safe Browsing Operations Team and the United States Computer Emergency Readiness Team (US-CERT.)
At this point, all the four extensions are removed from the Chrome Web Store with Nyoogle being the last. That being said just because Google has removed the extension from the web store doesn’t mean that the extension ceases to exist. If you had downloaded any of the above-mentioned Chrome browser extensions simply uninstall and clean their systems. At this juncture it is still unclear if the same group was behind all the rogue extensions. However, ICEBRG has said that the four extensions employed similar techniques and procedures.
This entire incident also highlights the problem of maintaining workstation hygiene. In this case, the trust factor was high since the extension was available on the official Google Chrome web store. Thankfully the attacker is not using the code for anything other than the fake ad clicking scam. However, it is very much possible for attackers to use this technique and bring down an entire network or organization.
Read the full details at the source.