A Chrome extension is stealing your credit card details without you knowing. Do you have it installed on your device?
A Chrome extension that is currently still available on the Chrome Web Store steals card information from online payment forms visited by infected users.
ElevenPaths analysed the extension and found that, once it is installed, it abuses the API functionality “webRequest.onBeforeRequest” to intercept the user's form submissions.
The extension monitors the entry of payment card details by applying regular expressions in its code, such as “vvregex” for Visa and “mcregex” for Mastercard.
ElevenPaths noted “That is, in case of any of the data included in the request is a card number, these numbers –encoded in JSON– will be sent to the attacker through an AJAX request. In particular, it uses the “sendFormData” function, which contains the base64-encoded end URL.”
This extension has been installed 400 times; however, because it can only be downloaded via a link that the malicious user spreads themselves, the spread has not been huge. This simple extension takes advantage of a single API call, showing how simple it is for malicious users to retrieve and exfiltrate personal data.
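For anyone reviewing installed extensions, the traits described above can be checked statically. The following is an added example, not code from ElevenPaths or from the extension: the function names, the sample manifest and source fragments, and the collector.example URL are all constructed for illustration.

```javascript
// Static triage of an unpacked extension (manifest object + concatenated script text).
// Heuristic only: a hit means "review this extension", not "confirmed malicious".
const CARD_REGEX_HINTS = [/4\[0-9\]\{12\}/, /5\[1-5\]\[0-9\]\{14\}/]; // Visa / Mastercard shapes
const REPORTED_NAMES = /\b(vvregex|mcregex|sendFormData)\b/; // names quoted in the article

// Decode quoted base64-looking literals and keep those that turn out to be URLs.
function hiddenUrls(source) {
  const found = [];
  for (const m of source.matchAll(/["']([A-Za-z0-9+/]{16,}={0,2})["']/g)) {
    const decoded = Buffer.from(m[1], 'base64').toString('utf8');
    if (/^https?:\/\/[\x21-\x7e]+$/.test(decoded)) found.push(decoded);
  }
  return found;
}

function triageExtension(manifest, source) {
  const perms = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  const findings = [];
  if (perms.includes('webRequest')) findings.push('webRequest permission');
  if (perms.some(p => p === '<all_urls>' || /^(\*|https?):\/\/\*\//.test(p)))
    findings.push('all-sites host access');
  if (/webRequest\.onBeforeRequest\.addListener/.test(source) && /requestBody/.test(source))
    findings.push('reads request bodies in onBeforeRequest');
  if (CARD_REGEX_HINTS.some(r => r.test(source))) findings.push('card-number regex in source');
  if (REPORTED_NAMES.test(source)) findings.push('identifier named in the ElevenPaths analysis');
  const urls = hiddenUrls(source);
  if (urls.length) findings.push('base64-encoded URL: ' + urls.join(', '));
  return findings;
}

// Constructed sample: inert fragments shaped like the reported behaviour, not the real code.
const SAMPLE_MANIFEST = { permissions: ['webRequest', '<all_urls>'] };
const SAMPLE_B64 = Buffer.from('https://collector.example/in').toString('base64');
const SAMPLE_SOURCE = [
  'var vvregex = /^4[0-9]{12}(?:[0-9]{3})?$/;',
  'chrome.webRequest.onBeforeRequest.addListener(cb, {urls: ["<all_urls>"]}, ["requestBody"]);',
  'function sendFormData(d) { var u = atob("' + SAMPLE_B64 + '"); }',
].join('\n');

console.log(triageExtension(SAMPLE_MANIFEST, SAMPLE_SOURCE));
```

Run it with Node.js; in practice the manifest and script text would be read from the extension's unpacked directory.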