Beware of the minefield that is the Google Chrome Web Store, which has recently been in the spotlight for hosting malicious ad blockers. AdGuard security researcher Andrey Meshkov published a report highlighting five ad blockers that have been repurposed into malware. Meshkov reports that up to 20 million users have been infected. Thankfully, some of the fake ad blockers have been removed by the Google Chrome team.

What Happened?

A closer look at how these malicious ad blockers were allowed into Google Chrome’s store shows that they were malicious replicas: the attackers copied legitimate code and added a few tweaks. The malicious ad blockers were used to harvest information about affected users’ web browsing activity and to manipulate the browsers themselves. The malware essentially turned all 20 million users’ browsers into a botnet, a collection of devices or services under the control of a remote hacker.

How Does This Impact You?

The implications are serious and should set off alarm bells for organizations that have remote employees or that allow employees to alter software on their devices. If you do not know what add-ons employees are installing on their devices, you may have a compromised network and not even know it. When your employees use browsers, they enter credentials and at times share sensitive company information. If there has been a data breach, outside hackers may already hold the keys and may simply not have acted yet. It helps to take some precautions and deploy some insider-centric security practices.

How to Protect Yourself

Thankfully, this problem can easily be prevented through Google Chrome’s Admin Console. However, there are more measures that you can and should take to protect your organization.

Google Admin Console

If you haven’t done so already, you should configure Chrome policies for users in your organization. Through the admin console you can set policies for how Google accounts behave on computers, Android devices, or Chrome devices. Device-level policies should be set in addition to the policies set on each device through the Windows manager. If you would like to know more about how to do this, you can view a step-by-step guide to establishing Chrome policies.

Session Monitoring

When employees are using company assets to do work, it is permissible to monitor usage. Security products like Teramind are able to record and save full video sessions, which can show more than some system logs may reveal. Session monitoring would allow you to see whether employees have installed any unauthorized extensions in their browsers. Extensions such as ad blockers offer convenience and declutter browsing, which is why people download them in the first place. An employee who installs an extension may not have malicious intent, but the developer or current manager of the extension may have other goals.

Periodic Device Review

Ensure that you or your IT team are conducting physical and digital reviews of the devices that your employees are using. Remember that some employees may have found a way to circumvent some security measures. While in this context you are checking browsers for extensions, you still want to check for everything else.
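
One way to carry out the browser part of such a review, shown as an added example (not code from the original article or from any product it mentions): a Python script that lists the extensions in a Chrome profile directory that are not on an approved list and notes any broad permissions they request. It assumes Chrome's on-disk layout of `Extensions/<id>/<version>/manifest.json`; the sample profile, extension IDs and names are constructed for the demonstration.

```python
import json
import re
import tempfile
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"^[a-p]{32}$")
# Permissions and host patterns that expose browsing activity across sites.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*", "tabs", "webRequest"}
PERM_KEYS = ("permissions", "host_permissions", "optional_permissions")

def audit_extensions(profile_dir, allowlist):
    """Report extensions under <profile>/Extensions/<id>/<version>/ not in allowlist."""
    findings = []
    for manifest in sorted(Path(profile_dir, "Extensions").glob("*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        if not EXT_ID.match(ext_id) or ext_id in allowlist:
            continue
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = None
        if not isinstance(data, dict):
            data = {}  # an unreadable manifest is still reported
        perms = {p for k in PERM_KEYS if isinstance(data.get(k), list)
                 for p in data[k] if isinstance(p, str)}
        findings.append({"id": ext_id,
                         "name": data.get("name", "<unreadable manifest>"),
                         "version": manifest.parent.name,
                         "broad_permissions": sorted(perms & BROAD)})
    return findings

def build_sample_profile(root):
    """Write a constructed profile: one approved and one unapproved extension."""
    samples = {
        "a" * 32: {"name": "Approved Tool", "version": "1.0", "permissions": ["storage"]},
        "b" * 32: {"name": "Sample Ad Blocker", "version": "2.3",
                   "permissions": ["tabs", "webRequest", "<all_urls>"]},
    }
    for ext_id, manifest in samples.items():
        vdir = Path(root, "Extensions", ext_id, manifest["version"] + "_0")
        vdir.mkdir(parents=True)
        (vdir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_extensions(build_sample_profile(tmp), {"a" * 32}):
            print(finding)
```

To audit a real machine, pass the path of a Chrome profile directory and your organization's approved extension IDs instead of the constructed sample. A name beginning with `__MSG_` is a localization key rather than the displayed name.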

Make sure to be diligent about security and what extensions are installed in browsers across all your devices.