The Seattle-based ICEBRG's Security Research Team discovered four malicious Google Chrome extensions affecting some 500,000 users. These provide a substantial pool of resources to use for fraudulent purposes and financial theft.

While performing a routine investigation of anomalous traffic, ICEBRG's SRT detected a suspicious spike in outbound network traffic from a customer workstation prompting an investigation leading to the discovery of harmful Google Chrome extensions, which could affect workstations within major organizations, including financial institutions, globally.

The ICEBRG research team, Justin Warner, principal security engineer and Mario De Tore, technical director, security research and operations, revealed their findings in a blog. “While these web-based applications can enhance the user's overall experience, they also pose a threat to workstation security with the ability to inject and execute arbitrary code.” The SRT asserted to a motivated threat actor, this approach presents a range of opportunities, from co-opting enterprise resources for advertising click-fraud to leveraging a user's workstation as a foothold into the enterprise network.

Click fraud campaigns allow a malicious party to receive revenue by compelling victim systems to visit advertising sites that pay per click. Threat actors could also use the same capability to browse internal sites of victim networks, bypassing perimeter controls intended to defend internal assets from external parties.