Google removed more than 500 malicious Chrome extensions from the Chrome Web Store for injecting malicious ads, a tactic called malvertising, to users' browsing sessions.
These malicious Chrome extensions redirected users to websites they didn't intend to visit under certain conditions, like attempting to access e-commerce websites or searching for items available for purchase on affiliate websites. In some cases, the destination would be a legitimate website like Macys, BestBuy, or Dell; but in other cases, the destination would be a malware download site or a phishing page.
This decision came after a two-month investigation performed by Cisco's Duo Security team. They discovered the malicious Chrome browser extensions by noticing a trend in common URL patterns. Each of the 1.7 million affected Chrome users who visited the malicious websites had one of various generic Chrome extensions installed with very little information about their true purpose. They believe the group who created these malicious Chrome extensions may have been active since the early 2010's.
Networks of malicious Chrome extensions like these have been found in the past. Typically these work by redirecting users to legitimate advertisements as they browse the web. Makers of these extensions make their profits through ad revenue generated each time they force a user to view an ad that they've placed. These typically go unnoticed because, in the current state of the web, it isn't uncommon to see several advertisements and popups while browsing the web. However, these should not be the norm and can be avoided.
How Can I Protect Myself From Malvertising?
Install Browser Protection
Browser protection is among the cutting edge of online safety technology. Products like Guardio scan each of the websites that you visit and extensions that you add to ensure that they're free of malicious code and scams. They catch things like extensions, including malvertising, phishing pages, and keyloggers that often go unnoticed, even to the savviest individuals. When a malicious site or extension is found, these products block the offending website or extension and let you know why. They also alert you when a website that you're visiting is still too new to be trusted. Browser Protection keeps you safe by stopping threats BEFORE they reach your device, instead of afterward like traditional antivirus solutions.