The FBI has released a critical alert to all three billion Google Chrome users regarding a newly developed hacking scam.
Browsing the internet and utilizing our smartphones can expose us to the threat of hackers.
From counterfeit WiFi networks to fraudulent apps, hackers are continuously seeking innovative methods to exploit technology and access our data and personal information.
The federal agency has now highlighted a new tactic where cybercriminals are creating websites on Google to convert files, such as changing a .doc to a .pdf, or converting MP3 or MP4 files, which are then embedded with harmful code.
Once these fraudulent files are downloaded, hackers reportedly gain access to sensitive stored information, including social security numbers, passwords, and banking details.
Vikki Migoya, a public affairs specialist for FBI Denver, expressed concern: “Unfortunately, many victims don’t realize they have been infected by malware until it’s too late, and their computer is infected with ransomware or their identity has been stolen,” as reported by The Daily Mail.
Migoya continued: “The scammers try to mimic URLs that are legit – so changing just one letter, or ‘INC’ instead of ‘CO.’
“Users who in the past would type ‘free online file converter’ into a search engine are vulnerable, as the algorithms used for results now often include paid results, which might be scams.”
The FBI advises Chrome users to avoid downloading file converters from unknown websites.
If you’ve already downloaded one and suspect you are a victim, the agency recommends contacting your bank or financial institution immediately, reporting the incident to IC3.gov, and having your device inspected.
The FBI further suggests: “Run up-to-date virus scan software to check for potentially malicious software installed by the scammers.”
“Consider taking your computer to a professional company specializing in virus and malware removal services.”
This announcement follows a warning to millions of Google Chrome users about 16 different types of browser extensions that have been compromised by hackers.
The affected extensions include Blipshot, Emojis, Color Changer for YouTube, Video Effects for YouTube and Audio Enhancer, Themes for Chrome and YouTube Picture in Picture, and Mike Adblock for Chrome, Super Dark Mode, and Emoji Keyboard Emojis for Chrome.
Adblock for Chrome, Nimble Capture, KProxy, Page Refresh, Wistia Video Downloader, Adblocker for Chrome, and Adblock for You are also reportedly impacted by hackers.
GitLab Threat Intelligence, which uncovered this scheme, reported: “We identified a cluster of at least 16 malicious Chrome extensions used to inject code into browsers to facilitate advertising and search engine optimization fraud.”
“The extensions span diverse functionality including screen capture, ad blocking and emoji keyboards and impact at least 3.2 million users.”
“The threat actor uses a complex multistage attack to degrade the security of users’ browsers and then inject content, traversing browser security boundaries and hiding malicious code outside of extensions. We have only been able to partly reproduce the threat actor’s attack chain.”
Google has confirmed that these extensions have been removed from the Chrome Web Store, but users who have already downloaded them must manually delete them from their devices.