Indian Cyber Security Agency Takes Down Over 100 Malicious Chrome Extensions

Just a few days ago the Indian Government announced a ban in as many as 59 apps for their China-links. Amongst the banned apps were some of the popular and most downloaded apps such as TikTok, UC Browser, SHAREit, and others. Now another advisory is doing rounds online warning against the usage of some Google Chrome extensions due to security and privacy concerns. Following are the details:

As per the Computer Emergency Response Team of India (CERT-In), users should take extra caution while downloading extensions on Google Chrome. For reference, the CERT-IN is a part of Ministery of Electronics and Technology which handles all the cybersecurity threats in India.

As per the agency, the reason to take caution while downloading or using such Chrome extensions is over privacy concerns. The agency also noted that it has removed over 100 such malicious extensions from Google Chrome citing security and privacy concerns.

The agency further noted that all these restricted Google Chrome extensions were collecting users' personal and sensitive data. That's not it, these extensions were also dodging security scans from Google Chrome's Web store and were using a special code for the same.

Furthermore, these extensions stole data by reading a user's keystrokes to read passwords and other sensitive data a user enters on any website. Moreover, the extensions were also able to capture screenshots and also read the clipboard and collect authentication cookies.

As a measure of precaution, the cybersecurity agency has also suggested the users download any extension if it is required. Downloading any third-party unknown extension might lead to compromised security. Specifically, the extensions that are free and are from random websites whose authenticity remains a question.

via