Russian hackers exploiting antivirus blind spot for browser add-ons

News by Eugene Gerden

Criminals in Russia are exploiting the fact that some antivirus software doesn't analyse browser add-ons to load malware hidden in popular classes of plug-ins.

Hackers are using new criminal schemes to steal funds from credit cards, according to recent statements from the Russian Ministry of Internal Affairs.

Sergey Matveev, an official spokesman for the ministry's press service, told SC Media UK that hackers have begun actively using plugins offering weather forecasts and currency rates, which help them steal passwords for credit cards and other confidential information.

According to the ministry, several million people have already fallen victim to the scheme, and it warns that this poses a threat to European Union states as well.

Sergey Matveev comments: “Under harmless programs such as ‘currency exchange rate’, hackers may hide malicious code. The infected plugins can usually bring much more harm than common viruses, as plugins have access to everything that happens on the page of the browser. The malicious extension is able to change the entire form of payment, sending confidential banking data directly to the fraudster. In addition, such malicious extensions can thieve all the data which is inserted on the online bank page. Or, for example, replace the form for entering bank data on the web-server you trust.”

Anton Tretyakov, head of the Strategia + agency, one of Russia's leading IT agencies which specialises in the design of cyber security solutions, told SC that a significant number of antivirus programs do not analyse browser add-ons, with the result that fraudsters can get bank card data, logins and passwords of card holders and other confidential information.

Tretyakov added that the new scheme is actively developing due to its effectiveness, as it affects the mass segment of banking customers, the owners of personal payment services, loyalty programs and more. According to him, extensions may not have malicious functions during their installation and can work properly to begin with, only beginning their attack on clients at a later date.

Cyber-crime analysts at the ministry advise browser users to only download extensions from the developers' official app stores.

In addition, users should install only essential extensions and carefully read the warnings before ticking or unticking any boxes during installation. It is also necessary to monitor the list of installed extensions: it may contain unexpected items that most users never intended to install.
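One way to act on the advice to monitor installed extensions, as an added example that is not part of the original article or the ministry's guidance: the Python sketch below reads extension manifests and flags any extension that is not on the user's expected list or that requests access to every page. The sample manifests, extension IDs and the `EXPECTED` list are constructed for illustration, and `load_profile` assumes a Chrome-style `Extensions/<id>/<version>/manifest.json` layout.

```python
import json
from pathlib import Path

# Match patterns that let an extension read and modify every page visited.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def broad_access(manifest):
    """Return the all-sites match patterns requested by one manifest."""
    requested = set()
    # Manifest V2 puts host patterns in "permissions", V3 in "host_permissions".
    for key in ("permissions", "host_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        requested.update(script.get("matches", []))
    return sorted(requested & BROAD)

def audit(manifests, expected_ids):
    """Flag extensions that are unexpected or can touch every page."""
    findings = []
    for ext_id, manifest in sorted(manifests.items()):
        patterns = broad_access(manifest)
        unexpected = ext_id not in expected_ids
        if patterns or unexpected:
            findings.append((ext_id, manifest.get("name", "?"), unexpected, patterns))
    return findings

def load_profile(extensions_dir):
    """Read manifests from a Chrome-style <profile>/Extensions/<id>/<version>/ tree."""
    found = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        found[path.parts[-3]] = json.loads(path.read_text(encoding="utf-8"))
    return found

# Constructed sample data: IDs, names and manifests are invented for illustration.
SAMPLE = {
    "aaaa": {"name": "Currency Rates", "manifest_version": 2,
             "permissions": ["storage", "<all_urls>"]},
    "bbbb": {"name": "Weather Now", "manifest_version": 3,
             "permissions": ["storage"],
             "content_scripts": [{"matches": ["https://*/*"], "js": ["w.js"]}]},
    "cccc": {"name": "Notes", "manifest_version": 3,
             "host_permissions": ["https://notes.example/*"]},
}
EXPECTED = {"aaaa", "cccc"}  # assumption: the extensions the user knowingly installed

if __name__ == "__main__":
    for ext_id, name, unexpected, patterns in audit(SAMPLE, EXPECTED):
        print(f"{ext_id} {name}: unexpected={unexpected} all-site access={patterns}")
```

Because an extension can behave properly at first and change later, the audit is worth repeating after extension updates rather than running once at install time.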

In June 2016, the Russian Ministry of Internal Affairs had already reported a significant increase in the amount of crime involving cyber-criminals specialising in the theft of bankcard personal data.
