Chrome Extensions Abused for View Count Inflation

By Bill Toulas / December 26, 2020

According to a report by Kaspersky, its internet security solution has spotted malicious activity that abused three popular Chrome extensions found on at least eight million computers: ‘Frigate Light’, ‘Frigate CDN’, and ‘SaveFrom’. The antivirus company found that someone tried to generate traffic to certain videos and register fake views on streaming sites, using a kind of invisible video player that ran in the background while the user was browsing the web.

This was made possible by abusing Chrome extensions and planting them via POST requests made to malicious websites. This kind of activity raised alarms in Kaspersky’s solution, and the researchers soon identified the source of the threat. Apart from the three extensions mentioned in the first paragraph, Kaspersky discovered another twenty that were less widely used and not fully functional.

In some cases, depending on the extension that was used, people heard the sound of the video coming seemingly out of nowhere. On weaker computers and slower internet connections, users noticed performance hiccups. In most cases, though, the video playing activity remained well-hidden, and the hackers achieved the goal of generating fake views on the content of their choice.

Kaspersky has reached out to the extension developers, Google, and Yandex (for the Chromium-based Yandex Browser) to report the alarming findings. From the user’s perspective, what can be done is to disable all plugins and then gradually enable them one by one until the culprit is found.

You should also keep the number of installed and running extensions on your browser at the absolute minimum necessary, only install from the official Chrome Web Store, and always read the user reviews carefully. Finally, check the developer's background and visit their website to read the privacy policy of their project carefully. If you’re asked to grant permissions, review the requests in detail.
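One way to carry out the permission review across every installed extension, as an added example that is not from Kaspersky's report or this article: it reads each extension's manifest.json and puts extensions that request access to every site at the top of the list. The function names, the directory passed in (the profile's Extensions folder, whose location varies by OS and browser), and the sample manifests are assumptions; the samples are constructed and do not describe the extensions named above.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that grant access to every site the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(extensions_dir):
    """Read <extensions_dir>/<extension id>/<version>/manifest.json for each install."""
    report = []
    for manifest_path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: nothing to report
        # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
        declared = list(manifest.get("permissions", []))
        declared += list(manifest.get("host_permissions", []))
        declared = [p for p in declared if isinstance(p, str)]
        # Pages into which the extension injects its content scripts.
        injected = [m for cs in manifest.get("content_scripts", [])
                    for m in cs.get("matches", [])]
        report.append({
            "id": manifest_path.parent.parent.name,
            "name": manifest.get("name", "?"),  # may be a __MSG_...__ locale key
            "permissions": declared,
            "all_sites": sorted(BROAD.intersection(declared + injected)),
        })
    report.sort(key=lambda row: not row["all_sites"])  # broad access listed first
    return report

def build_constructed_sample(root):
    """Write two constructed manifests so the audit can run offline."""
    samples = {
        "a" * 32: {"manifest_version": 2, "name": "Constructed Video Helper",
                   "permissions": ["tabs", "webRequest", "<all_urls>"],
                   "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]},
        "b" * 32: {"manifest_version": 3, "name": "Constructed Notes",
                   "permissions": ["storage"],
                   "host_permissions": ["https://notes.example/*"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(root) / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for row in audit_extensions(tmp):
            print(row["id"], row["name"], row["all_sites"] or "limited hosts")
```

An extension listed with a non-empty `all_sites` entry is a candidate for the disable-and-re-enable check described above if its stated purpose does not need that access.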

Google has promised to make the extensions space safer for users in 2021, and it already took steps in that direction in 2020, but users remain at the epicenter of responsibility. No matter how stringent Google’s policies towards plugin developers become, you will regret it if you ignore all signs of fraud. In this case, the damage done to the victims wasn’t as significant as it could have been, but the potential for a more severe compromise was there.
