Windows 10: New look promises ce
Posted: Wed Apr 23, 2025 4:51 am
“They are trying to use popular Google Chrome extensions to secretly play videos in users’ browsers and increase view counts”
Our solutions have started giving repeated threat warnings to many Google Chrome users. Trojan.Multi.Preqw.gen , which Chrome attempted to download from a third-party website, has been specified as the source of the threat. We explain what it is and how to fix the problem.
Malicious extensions
Our experts, in collaboration with uk mobile database from Yandex, have discovered that people are exploiting more than twenty browser extensions to make Chrome work for them on users’ computers. The extensions that were designed to perform malicious activities include some very popular ones: Frigate Light, Frigate CDN, and SaveFrom.
These extensions installed on the browsers of more than 8 million users accessed a remote server in the background, attempting to download malicious code, a process that our security solutions detect as dangerous.
What were the attackers up to and how did this threaten users?
The attackers were interested in driving traffic to videos. In other words, the extensions were secretly playing certain videos in users’ browsers, increasing the view count on streaming sites.
The invisible video player was only activated when the user was actually browsing, so the inevitable computer slowdown could be attributed to Chrome's normal lag when under load.
According to our colleagues at Yandex, users of some of the extensions could occasionally hear the sound of videos that were playing in the background.
Additionally, the malicious plugins were intercepting access to a social network, likely to later inflate like counts. Regardless of the actual goals, a compromised social media account is something we’d rather avoid.
What can be done?
If your security solution starts detecting threats in Google Chrome or any other Chromium-based browser, the first thing you need to do is disable the malicious plugins, as this is what the security application reacts to. If you are not sure which of the plugins is dangerous, try disabling them one by one until you find the correct one(s).
Yandex, in turn, has automatically disabled several extensions in its Yandex.Browser (also based on Chromium) and continues to search for other plugins that pose a threat.
If you don’t already use Kaspersky products , but suspect that there is a dangerous application on your computer, it might be a good idea to install one of our solutions for home users. In fact, it’s worth doing anyway.
Our solutions have started giving repeated threat warnings to many Google Chrome users. Trojan.Multi.Preqw.gen , which Chrome attempted to download from a third-party website, has been specified as the source of the threat. We explain what it is and how to fix the problem.
Malicious extensions
Our experts, in collaboration with uk mobile database from Yandex, have discovered that people are exploiting more than twenty browser extensions to make Chrome work for them on users’ computers. The extensions that were designed to perform malicious activities include some very popular ones: Frigate Light, Frigate CDN, and SaveFrom.
These extensions installed on the browsers of more than 8 million users accessed a remote server in the background, attempting to download malicious code, a process that our security solutions detect as dangerous.
What were the attackers up to and how did this threaten users?
The attackers were interested in driving traffic to videos. In other words, the extensions were secretly playing certain videos in users’ browsers, increasing the view count on streaming sites.
The invisible video player was only activated when the user was actually browsing, so the inevitable computer slowdown could be attributed to Chrome's normal lag when under load.
According to our colleagues at Yandex, users of some of the extensions could occasionally hear the sound of videos that were playing in the background.
Additionally, the malicious plugins were intercepting access to a social network, likely to later inflate like counts. Regardless of the actual goals, a compromised social media account is something we’d rather avoid.
What can be done?
If your security solution starts detecting threats in Google Chrome or any other Chromium-based browser, the first thing you need to do is disable the malicious plugins, as this is what the security application reacts to. If you are not sure which of the plugins is dangerous, try disabling them one by one until you find the correct one(s).
Yandex, in turn, has automatically disabled several extensions in its Yandex.Browser (also based on Chromium) and continues to search for other plugins that pose a threat.
If you don’t already use Kaspersky products , but suspect that there is a dangerous application on your computer, it might be a good idea to install one of our solutions for home users. In fact, it’s worth doing anyway.