Malvertising campaigns are widely used to infect users with serious malware, such as ransomware or Trojans that steal banking details, but a security specialist working for Malwarebytes has uncovered a malvertising campaign that redirected users to a web page that forced them to install a rogue Google Chrome extension.

Fake Chrome extension pushes tech support scam

If you were redirected to that site, you would get a pop-up saying you need to add an extension to leave the page. Users have no choice but to click OK and permit the installation.

Once the extension is installed, it may be difficult to get rid of it. The Malwarebytes security expert has explained in a blog post on the site that the add-on will not allow you to access chrome://extensions where you can delete extensions. If you try to access it, you will be redirected to chrome://apps. Since you cannot remove the extension this way, you would need to use professional removal software to get rid of it or remove it from the Chrome installation folder.
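With chrome://extensions blocked, the installed extensions can still be listed from disk. The script below is an added example, not code from the Malwarebytes post: it assumes Chrome's usual per-profile layout `Extensions/<id>/<version>/manifest.json`, and the permissions it flags are a review heuristic chosen for this example, not the rogue extension's actual manifest.

```python
import json
from pathlib import Path

# Heuristic (assumption of this example): permissions that let an
# extension observe or rewrite the pages and URLs a user visits.
NAV_PERMISSIONS = {"tabs", "webNavigation", "webRequest",
                   "webRequestBlocking", "declarativeNetRequest", "<all_urls>"}

def is_nav_permission(perm):
    # Named permission, or a host pattern covering every site (e.g. http://*/*).
    return perm in NAV_PERMISSIONS or perm.endswith("://*/*")

def default_extension_dirs(home=None):
    """Usual Extensions folders of every Chrome profile (Linux, macOS, Windows)."""
    home = Path(home or Path.home())
    roots = [home / ".config/google-chrome",
             home / "Library/Application Support/Google/Chrome",
             home / "AppData/Local/Google/Chrome/User Data"]
    return [d for r in roots if r.is_dir() for d in sorted(r.glob("*/Extensions"))]

def inventory(ext_dir):
    """Return one record per installed extension version under ext_dir."""
    records = []
    for manifest in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = None  # unreadable manifest: still report the folder
        if not isinstance(data, dict):
            data = {}
        perms = set()
        for key in ("permissions", "host_permissions", "optional_permissions"):
            value = data.get(key)
            if isinstance(value, list):
                perms.update(p for p in value if isinstance(p, str))
        records.append({
            "id": manifest.parent.parent.name,       # 32-character extension ID
            "version": manifest.parent.name,
            # May be a localisation placeholder such as __MSG_appName__.
            "name": data.get("name", "<unreadable manifest>"),
            "nav_permissions": sorted(p for p in perms if is_nav_permission(p)),
            "path": str(manifest.parent),
        })
    return records

if __name__ == "__main__":
    for ext_dir in default_extension_dirs():
        for rec in inventory(ext_dir):
            flag = "REVIEW" if rec["nav_permissions"] else "ok    "
            print(flag, rec["id"], rec["version"], rec["name"], rec["path"])
```

An ID flagged for review that you do not recognise from your own installs is the folder to inspect and remove.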

Fake Chrome extension

If you allow this extension to stay on your computer, you may be redirected to tech-support scams. It will check for certain keywords in the URL and cause redirects to various scams. Malwarebytes reports that if a browser infected with this rogue extension tries to access the Malwarebytes web page, it will be redirected to potentially unwanted programs (PUPs), get-rich-quick or other kinds of scams.

There may be several keywords that would cause redirects to a Microsoft tech-support scam, which will claim that your browser is infected and that you should call the provided number to solve the issue. These kinds of scams are not uncommon and many users still fall for them. If you were to call the number, the people behind this scam would most likely try to sell you some kind of overpriced, useless software and/or attempt to get remote access to your computer. Microsoft would never give you these kinds of warnings, and it is important to remember that when encountering these kinds of scams.

Google has since removed this extension from the store, but if you think you are infected, obtain professional removal software and get rid of it.
