Black Asphalt Road Surrounded by Green Grass

Malware spreading through Google Chrome Extensions

| 0 Comments | words | minutes | Permalink

Today I noticed a facebook-friend added a lot of links to a URL, while tagging alot of her friends (including me) in the post. I did some investigation on the links and found them to follow a PHP file on a webserver running on an IP address 87.98.175.xx. The html on the site, was a redirect to another domain, which tries to trick the user into installing a chrome extension named "Unlimited Watching" which actively spreads itself via your facebook contacts.Removal Instructions To remove the extension, browse to your local extensions folder:

C:\users\$username\AppData\Local\Google\Chrome\User Data\Default\Extensions

and remove the folder which should be named either "mlnbmbaijkebfahbjllddofbdahmknae" or "Unlimited Watching". After doing so, start up Chrome again.


Add comment