Google Erases Malicious Chrome Browser Extensions Found by Trend Micro | eWeek

Google Removes 89 Malicious Brower Extensions From Chrome Web Store

Chrome Cleanup Tool
Verfasst von
Jaikumar Vijayan
Jaikumar Vijayan
Feb 2, 2018
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

As it has done many times over the past year with unwanted Android applications on its Play store, Google has removed 89 browser extensions from its official Chrome web store after a security vendor identified them as being malicious. 

Google has also disabled the rogue extensions from running on the devices of over 420,000 Chrome users whose browsers were infected with the malware. 

In a blog Feb. 1 security vendor Trend Micro said it discovered the browser extensions—which it has collectively dubbed Droidclub—being used to inject ads and crypto-currency mining tools into websites that the victims visited. 


The malicious browser extensions also contained keylogging code to record all the actions that a user might take on different websites including all their keystrokes, mouse clicks and scrolling actions. 

The code gave attackers a way to steal data that a user might enter into a web form including credit and debit cards numbers, CVV codes, phone numbers and email address, Trend Micro fraud researcher Joseph Chen wrote in the blog. 

The attackers used a combination of malicious advertisements and social engineering to distribute the Droidclub extensions on end user browsers. The malicious ads typically displayed false error messages that attempted to get users to install the rogue extensions on the browsers. When users acted on the fake download prompts, the rogue extension would download to their browsers from the Chrome store. 

Once installed the extension would communicate with an attacker-controlled command and control server for further instructions. The rogue extensions were designed to periodically serve up what Chen described as low-quality ads such as those associated with pornographic websites. 

Trend Micro’s disclosure marks the third time in under a month that security researchers have found malicious browser extensions in Google’s Chrome store. In January, security vendor ICEBRG reported finding four malicious Chrome extensions in the store that had been downloaded over 500,000 times. Malwarebytes was another cyber-security company to report a similar discovery in January, though in its case the company also reported finding a rogue extension for Firefox as well. 

Like the latest Droidclub extensions that Trend Micro reported this week, the malicious Chrome extension that Malwarebytes discovered was also designed to be very hard to remove. In both instances, users attempting to remove the browser extensions by visiting Chrome’s extension management page were redirected instead to another page. 

For Google, the proliferation of rogue browser extensions on its Chrome web store represents a problem that is similar to the one the company faces with its Play Android mobile app store. 

Over the past year in particular, threat actors have been able to frequently bypass Google’s security mechanisms and upload Android applications containing malware to Google Play. The company has been forced to remove hundreds of applications from Play after security vendors reported finding malware-laden apps in it.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.