A security researcher has claimed that a cumulative half a million Chrome users have been hit by four malicious browser extensions pushing click and SEO fraud.
Icebrg's Justin Warner and Mario De Tore spotted the extensions while investigating a spike in outbound traffic from a workstation in a customer's network. The company claims the four extensions had more than 500,000 downloads in all.
The extensions were Change HTTP Request Header (a legitimate capability is to hide browser type from trackers) and three apparently related to it: Nyoogle - Custom Logo for Google, Lite Bookmarks, and Stickies - Chrome's Post-it Notes.
A possible second use of the proxy would be to browse a company's internal network, for information that could be sent back to the control domain.
Google has removed the extensions from the Chrome Store. ®