• ‘Flash Reader’, an extension available in Chrome Web Store, steals credit card and payment related details from web forms that are filled by users.
  • This extension uses JavaScript to detect a user’s browser, following which it redirects to its Web Store link.

A new, malicious Chrome Extension is on the prowl in Chrome Web Store. Known as ‘Flash Reader’, this extension once installed pulls sensitive information such as credit card and payment details of the users.

It appears that the extension can only be accessed from the store if attackers use JavaScript injection methods and redirect victims to the link.

Security company ElevenPaths detected this malicious entity, and have conducted an extensive analysis of its working.

“Once installed, it embeds a simple function within all the web sites visited by the user. Particularly, it exploits the API functionality webRequest.onBeforeRequest, so allowing to register a ‘hook’ which will be called just before the user may send a new HTTP request from the web site (for instance, by clicking on a link or submitting a form),” describe the researchers on their article on this extension.

Available since February 2018

The article also pointed out that Flash Reader was available in Chrome Store since the past February. After it was detected, it was installed around 400 times.

Reportedly, the extension has not caused breaches on a massive scale. On the other hand, its availability is only limited due to the fact that attackers only send the extension’s links to its target victims. It is not found when searched on the Chrome Store.

ElevenPaths has informed Google of this malware-spreading extension. The tech giant is yet to resolve this issue. However, users are advised to stay away from new extensions and install only that come from reliable entities.

Cyware Publisher