The National Coordination Center for Computer Incidents (NCCC) made a recommendation to Russian Internet users to minimize the installation of browser extensions.
“Currently, the threat is relevant, which is associated with the possibility of modifying common Internet browsers by installing additional software extensions (plug-ins) with different functionality (blocking intrusive advertising, storing passwords, etc.),” the NCC reports.
According to the agency, an example of a malicious modification of the plugin is the extension “Video in picture-in-picture mode”, originally designed to play streaming video in the Google Chrome Internet browser over the rest of the open tabs. According to the NCC, “there are facts of its use for organizing massive computer attacks on the information infrastructure of the Russian Federation.”
During the update, malicious code was introduced into this extension, and “as a result, the computers of Russian Internet users who have this plugin installed in their browser became participants in a bot network leading attacks on information resources of the Russian Federation, ” the NCC said.
In addition, the NCC warns that as a result of the addition of such functionality, malicious extensions can intercept logins and passwords from user accounts, bank card details, as well as bypass protection mechanisms, in particular, two-factor authentication.
The National Coordination Center for Computer Incidents ensures coordination of the activities of the subjects of the critical information infrastructure of the Russian Federation on the detection, prevention and elimination of the consequences of computer attacks and response to computer incidents.