Chrome Extension that Steals Credit Card Data Detected
Security researchers have found a Google Chrome extension which steals payment card information and which is still available on Chrome Web Store.
The ElevenPaths blog post explains that the malicious extension, which seems to be a ‘Reader Flash’ created by the supposed developer fbsgang.info, is distributed through the injection method. The extension embeds a simple function within all the websites that a user visits and exploits API functionality webRequest.onBeforeRequest to intercept the user’s form submission.
“This registered function monitors, by means of regular expressions, credit card numbers (if you look at the code you will realize that there are regular expressions for Visa (vvregex), MasterCard (mcregex), etc. That is, in case of any of the data included in the request is a card number, these numbers –encoded in JSON– will be sent to the attacker through an AJAX request,” reads the ElevenPaths post.
This malicious extension, when detected, had been installed 400 times. Though it’s available on the Chrome Web Store for almost a year now, it has not spread massively as the extension is made public only to those who know the link and is not available through usual searches performed on the Web Store.
ElevenPaths has reported the extension to Google, to get it removed from the Chrome store.
Julia Sowells923 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.