Fake Google Sheets Extension

During an investigation of deceptive websites, researchers uncovered a fake Google Sheets browser extension. This intrusive software masquerades as a legitimate spreadsheet application belonging to the web-based Google Docs Editors suite. It's important to highlight that this extension has no affiliation with Google Sheets, Google Docs Editors or Google LLC. 

Upon analysis, experts found that this fraudulent extension is designed to gather sensitive data from users, display intrusive browser notifications, and potentially engage in other harmful activities that can compromise users' privacy and security. Users should avoid downloading or using this unauthorized extension to protect themselves from potential data breaches or other negative consequences.

The Fake Google Sheets Extension May Collect Various Data While Installed

Upon analyzing the setup involving the fake Google Sheets extension, researchers discovered that it also installs additional unwanted and potentially malicious software onto systems.

Interestingly, this illegitimate extension was not directly installed on Google Chrome or Microsoft Edge browsers. Instead, the installer deposited the extension's folder, labeled 'Extension,' into the 'C:\Users[username]\AppData\Local\Temp' directory.

This method of installation is a persistence-enabling technique because simply removing the fraudulent Google Sheets extension from Chrome or Edge will not eliminate it permanently. Consequently, the software will reappear upon reopening the browser after a standard removal.

Moreover, having this extension on a device alters the Chrome or Edge browser's shortcut by appending --proxy-server="217.65.2.14:3333" to the target (note that the IP address may vary). Another tactic employed by this fake Google Sheets browser extension involves leveraging the 'Managed by your organization' feature in Google Chrome and Microsoft Edge.

Furthermore, this extension may intrusively monitor users' browsing activities. Rogue extensions typically harvest browsing and search engine histories, download records, internet cookies, login credentials (including usernames and passwords), and financial data, among others. This sensitive information could be sold to third parties or exploited for profit.

In addition to spying on users, this rogue extension may inundate browsers with spammy browser notifications. These notifications commonly promote online tactics, unreliable or hazardous software and potentially even malware. Additionally, the questionable browser extension may possess other harmful functionalities beyond those identified. Users take necessary measures to safeguard their systems against such threats and be careful.

How Rogue Applications Like the Fake Google Sheets Extension Spread?

The researchers obtained the setup containing the fake Google Sheets extension, along with other unwanted software, by downloading it from a scam page that employed an adult-themed lure. However, it's worth noting that this type of software could also be distributed through alternative websites and methods.

Extensions like this are commonly promoted on various scam websites and seemingly legitimate download pages. They often gain entry into users' systems through redirects triggered by intrusive advertisements, websites utilizing rogue advertising networks, misspelled URLs, spammy browser notifications, and adware.

Another potential distribution method is bundling, where legitimate program installers are packaged with unwanted or fraudulent add-ons. Users may inadvertently allow bundled content onto their devices by downloading from dubious sources such as freeware or free file-hosting sites, Peer-to-Peer (P2P) sharing networks, and similar channels. Additionally, careless installation practices—such as ignoring terms and conditions, skipping steps or sections, or using 'Quick' or 'Easy' installation settings—can increase the risk of inadvertently installing unwanted software.

Furthermore, intrusive advertisements play a significant role in proliferating rogue software. Clicking on certain advertisements can trigger scripts that initiate stealthy downloads or installations of unsafe programs without the user's explicit consent or awareness. Therefore, users should exercise caution and adopt safe browsing habits to mitigate the risk of encountering and inadvertently installing unwanted or harmful software on their devices.