Despite repeated complaints, a malicious Google Chrome extension responsible for stealing payment card details entered in web forms is still available on the official Chrome Web Store.
The extension, named “Flash Reader”, was created by a cyber-criminal group that has been part of the malware culture for a long time.
Although the website through which the extension could be accessed is currently down, the extension is still available on the Play Store, which means it remains a potential threat to many innocent users.
Up until now, approximately 400 users have installed the extension.
According to a report by ElevenPaths, Telefonica's cyber-security division, the extension is accessible through http://fbsgang[.]info/flashplayer. The page redirects web traffic by using different lures, including the classic “you don’t have Flash installed, use this Chrome extension instead”, and takes users to Flash Reader's official Chrome Web Store page to install it.
To confirm the findings by ElevenPaths, a reporter and a third party reviewed the extension and found that it contained code that intercepted any form submission made on any web page. It first analyzes the form’s content for card number patterns and then sends all the data entered in the current form to its command and control (C&C) server, located at http://fbsgang[.]info/cc/gate.php.
The command and control server is currently down, but such servers are usually taken down between campaigns, so the danger of a new campaign still hangs over the virtual world.
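For defenders, the behaviour described above can be hunted in web proxy logs. The following is an added example, not code from ElevenPaths or from the extension: it flags requests to the host and gate path named in the report and, going beyond that single indicator because C&C servers change between campaigns, any cleartext HTTP POST whose form fields carry a Luhn-valid card number. The tab-separated log format, the finding names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Indicator quoted in the article, re-fanged in memory only.
C2_HOST = "fbsgang[.]info".replace("[.]", ".")
C2_PATH = "/cc/gate.php"
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")  # 13-19 digits

def luhn_ok(digits):
    """Luhn checksum, to separate plausible card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def has_card_number(body):
    """True if any form field value holds a Luhn-valid 13-19 digit number."""
    for _, value in parse_qsl(body, keep_blank_values=True):
        for m in CARD_RE.finditer(value):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                return True
    return False

def triage(line):
    """Findings for one log line: time<TAB>client<TAB>method<TAB>url<TAB>body
    (hypothetical format; adapt the split to your proxy's fields)."""
    _, _, method, url, body = (line.rstrip("\n").split("\t") + [""] * 5)[:5]
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if host == C2_HOST or host.endswith("." + C2_HOST):
        findings.append("c2-gate" if parts.path == C2_PATH else "c2-host")
    if method == "POST" and parts.scheme == "http" and has_card_number(body):
        findings.append("card-in-cleartext-post")
    return findings

# Constructed sample lines (not real traffic); 4111... is the standard test PAN.
SAMPLE_LOG = [
    f"2000-01-01T10:00:00Z\t10.0.0.5\tPOST\thttp://{C2_HOST}{C2_PATH}\tname=A+User&card=4111+1111+1111+1111&cvv=123",
    f"2000-01-01T10:00:05Z\t10.0.0.5\tGET\thttp://{C2_HOST}/flashplayer\t",
    "2000-01-01T10:01:00Z\t10.0.0.7\tPOST\thttp://pay.example.test/submit\tpan=4111111111111111",
    "2000-01-01T10:02:00Z\t10.0.0.8\tPOST\thttp://shop.example.test/order\tref=1234567890123456",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(triage(line), line.split("\t")[3])
```

The card-number check only works where the proxy can see request bodies, which is the case for the plain-HTTP gate URL in the report.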
ElevenPaths and ZDNet claimed to have reached out to Google regarding the extension, but the extension remains active.
Continue to check back with us at Digital Information World for updates on the extension.
Photo: Thomas Trutschel via Getty Images