Four malicious Chrome extensions may have impacted more than half million users. The extensions were likely used to conduct click fraud or black search engine optimization. ICEBRG noticed an unusual spike in outbound traffic volume from a customer workstation to a European VPS provider. The extension does not contain any malicious code, but the combination of two items of concern that allow attackers to. inject and execute an arbitrary. JavaScript code via the extension. extension is able to download obfuscated. JSON files from an external source (change-request[.]info), by invoking the update_presets() function.”]
Source: http://securityaffairs.co/wordpress/67807/cyber-crime/malicious-chrome-extensions-2.html