{"id":11918,"date":"2018-04-03T08:10:07","date_gmt":"2018-04-03T16:10:07","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2018\/04\/03\/news-5687\/"},"modified":"2018-04-03T08:10:07","modified_gmt":"2018-04-03T16:10:07","slug":"news-5687","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/04\/03\/news-5687\/","title":{"rendered":"Malicious gaming extensions: a child’s play to infection"},"content":{"rendered":"

Credit to Author: Pieter Arntz| Date: Tue, 03 Apr 2018 15:30:00 +0000<\/strong><\/p>\n

Did you ever lend your laptop to a child to play a video game, only to get it back filled with advertisements? Our CEO knows<\/a>\u00a0a little bit about that predicament, having unknowingly infected his parents’ computer when he was a kid. But times have changed since then.<\/p>\n

Let us play for you a modern-day scenario, then, to show how it’s a short trip from \u201cI want to play this game\u201d to \u201cHey, there\u2019s adware on my laptop!\u201d<\/p>\n

How to get infected playing a video game<\/h3>\n

These days the coolest kids at school aren’t playing football\u2014they’re playing video games. Of course, your kid wants to be the best in a popular game like Slither.io. So he grabs the family laptop and does a search for \u201calways win slither<\/a>.\u201d<\/p>\n

Look at the top search result: a YouTube video<\/a> by a well-known YouTuber named Jelly, who has 7,866,496 subscribers tuning into his gaming channel. If you were a gaming portal, would you think it’s worth the investment to pay AdChoices<\/a> to get a relevant advertisement on that page?<\/p>\n

\"slither.io<\/a><\/p>\n

Well-placed advertising always pays off.<\/em><\/p>\n

With its prominence and high potential for pay-off, the answer is decidedly “yes,” especially if your intentions are less than ethical. Normally, the game is free to play, but who is going to stop you from creating a landing page that says you have to install this browser extension before you can play?<\/p>\n

Advertising networks certainly won’t.\u00a0In order to advertise online, businesses must merely sign up with a network and then bid in real time to have their ads appear on popular websites. However, not all advertising networks have strict criteria for advertisers\u2014ad sellers don\u2019t always know the buyers. Not only that, but buying advertising space is increasingly being transacted automatically, which leaves the door open for further mischief.<\/p>\n

\"install<\/a><\/p>\n

Install the extension, even though the game is completely free, why don\u2019t you?<\/em><\/p>\n

So, back to our kid. Remember, he just learned how to beat all his friends, so he’s eager to get going. He downloads the extension at the upper right-hand side of the screen because it’s the closest thing resembling a “play” button. What harm is a little extension going to do?<\/p>\n

\"permissions\"<\/p>\n

All it can do is \u201cRead and change all your data on the websites you visit,\u201d after all.<\/p>\n

Wait, what?<\/p>\n

Yes, it knows which websites you visit, gathering all the data about your surfing behavior. And yes, it can use that information to insert relevant advertisements on those sites. And unfortunately, that\u2019s exactly what these extensions do. So we have a question for your kid, who’s about to install this extension on your laptop:<\/p>\n

\n

Do you treat advertisements on the site of your favorite gaming portal with the same level of trust as the ones on a random Facebook page? Or do you trust one site’s ads over the other?<\/p>\n<\/blockquote>\n

If the answer isn’t clear here, then we might need to supply further instruction on the psychology behind successful marketing: The power to insert advertisements on sites that your target audience trusts is a desirable one\u2014one that cybercriminals would gladly pay for.<\/p>\n

And pay they did, aiming their advertising campaigns at games that attract a relatively young audience, including Slither.io, HappyWheels, Paper.io, Subway Surfers, MineCraft, and BlockWorld, among others.<\/p>\n

What does the malicious browser extension actually do?<\/h3>\n

Now that the line of infection is clear, let\u2019s talk numbers.<\/p>\n

Because their advertising landing pages are so prominent and well-placed, gaming extensions bring in a lot of traffic to Chrome’s Webstore. The GamerSuperstar extension, for example, has been installed almost 100,000 times.<\/p>\n

\"extension<\/a><\/p>\n

If you download the extension directly from Webstore, you probably have a better idea of what its capabilities and permissions are by scrolling through the product descriptions and reading user reviews. This is not true, however, if you just click prompts from an advertising landing page. And that’s how these criminals pull the wool over users’ eyes, getting thousands to download without realizing what they are getting into.<\/p>\n

And what they’re getting into is a whole lotta adware.<\/p>\n

The extension does absolutely nothing to change the gameplay\u2014it’s completely unnecessary. All you gain by installing most of these extensions is targeted advertising on the sites you visit. A select few also alter your search and newtab settings.<\/p>\n

\"ArcadeTab<\/p>\n

ArcadeTab comes with a search newtab<\/em><\/p>\n

Other malicious gaming extensions<\/h3>\n

I wish we could say that GamerSuperStar was the only example of a malicious gaming extension that we have come across. Over the last few months, however, we’ve tracked quite a few of them.<\/p>\n