LNKR malware

What is LNKR Google Chrome Extension Malware?

LNKR malware uses browser extensions in Google Chrome to track users' browsing movements and activities and then overlays ads on legitimate websites. Using extensions to add code that executes in a user’s browser is a common and lucrative monetization technique on the internet, where spyware, adware, and other browser-based nuisances have thrived since the early days.

LNKR spreads via illegitimate browser extensions, which add malicious JavaScript to web pages a user visits. This code allows LNKR to record browser sessions to identify frequently visited sites and to overlay ads that threat actors can monetize. However, LNKR is a bit more robust than your average malicious browser extension: it also looks for pages to which a user has write access and can edit. With this access, the cyber threat can inject JavaScript code directly on the site to spread beyond the limited scope of a browser extension. This includes users using Microsoft Office 365 online in Chrome! While we have not observed LNKR uploading any external JavaScript other than its own, the ability to inject JavaScript allows threat actors to upload any kind they want, including Magecart or other malware.

What is a browser extension?

To understand how LNKR malware is used and how it can affect you, we must first understand what a browser extension is. Browser extensions are small add-on software programs built to customize a user’s browsing experience. They enable users to tailor browser functionality and behavior to individual needs or preferences. Browser extensions expand the user’s web browser with additional features that enable them to do magical things. Tools that help with grammar/spelling (Grammarly), delivery updates (Amazon), etc. are examples of what I use.

Extensions can also be designed to modify web pages you visit or integrate your browser with the other services you use, for example, Ad-blockers, VPN and HTTPS Everywhere. They are built on web technologies such as JavaScript, CSS, and HTML.

Browser extensions, especially in Google Chrome (the most widely used browser), are now a part of everyday life and are largely accepted by most users globally. Many of us, myself included, have become strangely dependent on the customization that browsers and their extensions provide us with. It will come as no real surprise, then, that cybercriminals are leveraging extensions to attack browsers and your online activity.

Can you protect yourself from LNKR extensions?

The obvious and best way to protect yourself from LNKR extensions is to use only necessary add-on extensions. You can reduce your risk of exposure by simply removing extensions you do not use. Chrome has many pre-loaded extensions, which should also be removed if you do not need them.

Only install trusted extensions from reputable sources. Read the reviews and look at user and developer feedback to make sure the extension is regularly updated for security reasons. The longer an extension has been in use, the more trust it earns; be wary of any extensions that do not have user reviews and may seem new! If during installation you are presented with a prompt to challenge permissions, make sure that file sharing access is not given.
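To help decide which installed extensions deserve a closer look, the script below lists the ones whose manifest lets them run JavaScript on every page you visit, which is the kind of access described above. It is an added example, not code from the original article, and it flags broad access in general rather than LNKR specifically. It assumes the Chrome profile's Extensions folder is laid out as `<id>/<version>/manifest.json`; the sample manifest is constructed.

```python
import json
import sys
from pathlib import Path

# Match patterns that let an extension run on (nearly) every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifest (not taken from any real extension).
SAMPLE = {
    "manifest_version": 3,
    "permissions": ["storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}],
}

def broad_access(manifest):
    """Return the reasons this manifest can read or modify every page."""
    reasons = []
    # Manifest V2 puts host patterns in "permissions"; V3 uses "host_permissions".
    hosts = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    for pattern in hosts:
        if isinstance(pattern, str) and pattern in BROAD:
            reasons.append(f"host access: {pattern}")
    # Content scripts are JavaScript files injected into matching pages.
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if pattern in BROAD:
                files = ", ".join(script.get("js", [])) or "(no js)"
                reasons.append(f"content script on {pattern}: {files}")
    return reasons

def audit(extensions_dir):
    """Map '<id>/<version>' to reasons; assumes <id>/<version>/manifest.json."""
    findings = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        reasons = broad_access(manifest) if isinstance(manifest, dict) else []
        if reasons:
            findings[f"{path.parent.parent.name}/{path.parent.name}"] = reasons
    return findings

if __name__ == "__main__":
    # With no argument, report on the constructed sample above.
    result = audit(sys.argv[1]) if len(sys.argv) > 1 else {"sample": broad_access(SAMPLE)}
    for ext, reasons in result.items():
        print(ext, *reasons, sep="\n    ")
```

Many legitimate extensions, ad blockers for example, also need access to every site, so treat a hit as a prompt to review the extension rather than as proof that it is malicious.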

Removing extensions from within Chrome

  1. Click on the three dots at the top right corner of your Chrome browser
  2. Click ‘More Tools’
  3. Select the ‘Extensions’ option
  4. Locate the extension you want to remove
  5. Click the remove tab.
