Google has been battling malware in various forms online, and one of its biggest problems is malicious ads and clones.
Attackers usually host fake pages which resemble the Mountain View company’s own services.
Sometimes the bad guys even create fake applications to resemble Chrome, but in reality, when a user installed it, it would be a malware or a phishing app. This unfortunately isn’t limited just to web services, Google Chrome Extensions are often targeted by malware developers too. Somehow they manage to find a way past the browser’s robust defenses and security protocol checks, and in the end it is end user who has to suffer. Usually it is done through malvertising, aka malicious advertising, where a genuine ad is replaced with an ad injected with malware code.
Malwarebytes reports that one such extension for Google Chrome, was the iCalc add-on. It was hosted at a website which forced the user to install the extension, with no way to quit the window or refuse to install the add-on. Apparently if the user moved the cursor towards the address bar or the close button, a pop-up message along with an audio warning would play.
Anyway the extension was reported to Google, and it was deleted from the Chrome Web Store but appraently it was installed on nearly a 1000 computers, which are likely to have become infected. A similar add-on surfaced elsewhere soon, in Russia, and was distributed in the same malvertising technique and redirected users to a social networking site.
So take care to check what extensions you have installed in Google Chrome. You can do so by clicking Tools > Extensions or by opening chrome://extensions/ in the address bar.
via: Malwarebytes Blog