CERT-IN issues advisory on Google Chrome extensions as Chinese cyber attack threat looms

Internet users should exercise caution while installing Google Chrome extensions as the company has removed over 100 malicious links after they were found collecting "sensitive" user data, country's cybersecurity agency said today.

The Computer Emergency Response Team of India (CERT-In), the national technology arm to combat cyber attacks and guard the Indian cyberspace, said malicious extensions had the ability to take screenshots, read the clipboard, harvest authentication cookies or grab user keystrokes to read passwords and other confidential information.

"It has been reported that Google has removed 106 extensions of the Google Chrome browser from the chrome web store which were found collecting sensitive user data," the agency said in the advisory. "These extensions, reportedly posed as tools to improve web searches, convert files between different formats as security scanners and more," it added.

CERT-IN also suggested users uninstall Google Chrome extensions with IDs given in the IOCs (organisational chart) section. Users can visit the chrome extensions page and subsequently enable developer mode to see if they have installed any of the malicious extensions and then remove them from their browsers, the agency said. It further advised users to only install extensions which are absolutely needed and uninstall those which are not in use.

READ | Centre To Beef Up Cybersecurity After 59 Chinese Apps-ban; Key Meet Amid Agencies' Warning

READ | Google Photos To No Longer Auto-backup Media Files From Social Media, Chat Apps

Chinese attacks

Earlier on Wednesday, Republicworld reported that the Ministry of Information and Technology (IT) has called for an important meeting following intelligence reports of cyber attacks incoming from Chinese hackers. The call for the important meeting comes a day after 59 China-origin apps were banned by the Centre following several reports about the misuse of some mobile apps available on Android and iOS platforms for "stealing and surreptitiously transmitting users' data in an unauthorised manner to servers which have locations outside India".

The meeting also follows hot on the heels of Chinese hackers claiming to have hacked the Aarogya Setu app on Tuesday night. Users faced issues in logging in to the application. However, the government clarified that the issue had been resolved.

Chinese companies have played a major role by investing in critical infrastructures in India related to the communications and power sector, hence making the Indian cyberspace vulnerable as China has key access to networks in India. The IT ministry will beef up its arsenal in order to respond effectively to the cyber attacks from the Chinese.

(With PTI inputs)

READ | Support In US For India Banning TikTok And Other Chinese Apps

READ | 59 Apps Banned: Mamata Asks Modi Govt To Give A 'more Befitting Reply' To China