
Google Chrome users received repeated threat warnings. Trojan.Multi.Preqw.gen, which Chrome tried to download from a third-party site, was named as the source of the threat.
Culprits had abused more than twenty browser extensions to make Chrome work for them on users’ computers. The extensions that were made to perform malicious activity included a few fairly popular ones: Frigate Light, Frigate CDN and SaveFrom.
These extensions, installed in more than 8 million users’ browsers, accessed a remote server in the background and tried to download malicious code, a process that our security solutions detect as dangerous.
The attackers were interested in generating traffic to videos. In other words, the extensions were secretly playing certain videos in the users’ browsers, inflating view counts on streaming sites.
The invisible video player was only activated when the user was actually browsing, so that the inevitable slowing down of the computer could be attributed to Chrome’s usual lag when under load.
The malicious plug-ins intercepted access to a social network, probably for inflating like counts later. Regardless of the actual goals, a compromised social media account is something one would rather avoid.
The first thing you need to do is disable the malicious plug-ins, as those are what the security application reacts to. If you are not sure which of the plug-ins is dangerous, try disabling them one at a time until you find the right one(s).
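To see what is installed before disabling anything, the following added example (not part of the original article) lists the extensions in a Chrome profile directory and flags names matching the three mentioned above. It assumes Chrome's on-disk layout of `Extensions/<id>/<version>/manifest.json`; the sample profile, its IDs and its names are constructed.

```python
import json
import sys
import tempfile
from pathlib import Path

# Names taken from the article; matched case-insensitively as substrings.
FLAGGED = ("frigate light", "frigate cdn", "savefrom")
ERRORS = (OSError, ValueError, AttributeError)

def display_name(version_dir: Path) -> str:
    """Resolve an extension's name, following a __MSG_key__ localisation placeholder."""
    manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()
        locale = manifest.get("default_locale", "en")
        try:
            path = version_dir / "_locales" / locale / "messages.json"
            msgs = json.loads(path.read_text(encoding="utf-8-sig"))
            # Message keys are compared case-insensitively.
            name = next((v.get("message", name) for k, v in msgs.items()
                         if k.lower() == key), name)
        except ERRORS:
            pass  # keep the placeholder if the locale file is missing or broken
    return name

def audit_profile(profile_dir) -> list:
    """Return one record per installed extension version in the profile."""
    records = []
    for manifest in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        try:
            name = display_name(manifest.parent)
        except ERRORS:
            name = "<unreadable manifest>"
        records.append({"id": manifest.parent.parent.name, "name": name,
                        "flagged": any(f in name.lower() for f in FLAGGED)})
    return records

def build_sample_profile(root) -> Path:
    """Constructed sample data: two made-up extensions with placeholder IDs."""
    a = Path(root) / "Extensions" / "placeholder-id-a" / "1.0_0"
    b = Path(root) / "Extensions" / "placeholder-id-b" / "2.3_0"
    (a / "_locales" / "en").mkdir(parents=True)
    b.mkdir(parents=True)
    (a / "manifest.json").write_text(json.dumps({"name": "__MSG_extName__", "default_locale": "en"}))
    (a / "_locales" / "en" / "messages.json").write_text(
        json.dumps({"extName": {"message": "SaveFrom helper (constructed)"}}))
    (b / "manifest.json").write_text(json.dumps({"name": "Sample Notes"}))
    return Path(root)

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_profile(tempfile.mkdtemp())
    for r in audit_profile(target):
        print("FLAGGED" if r["flagged"] else "ok     ", r["id"], r["name"])
```

Pass the profile directory (shown as "Profile Path" on `chrome://version`) as the first argument. A name match is only a hint for which extension to disable first; a clean result does not clear the remaining ones.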
Yandex, for its part, has automatically disabled a number of extensions in its Yandex.Browser and continues to look for other plug-ins that pose a threat.