A rogue Google Chrome extension requests invasive permissions that let it spy on user activity, according to security firm Malwarebytes.
A recent analysis by the firm warned of a malvertising campaign that hit Google's Chrome browser and pushed users into installing a dodgy extension called iCalc.
The extension, in the guise of a common calculator application, was downloaded close to 1,000 times before it was yanked from the official web store.
The use of extensions by cyber criminals as an entry point to infect computers is becoming more common, according to Jérôme Segura, senior security researcher at Malwarebytes.
"One of the main points of entry is via rogue browser extensions which are increasingly becoming a problem and are being leveraged in various types of attacks including data theft, spying, pop-up ads and more," he said.
"Even though the surface of attack is smaller than that of a typical Windows PC, online crooks will always find a way to abuse the system."
In this instance, Malwarebytes said that the extension had clear "tell-tale" signs of being malicious, including a lack of screenshots or reviews on the download store and requiring an extremely invasive set of permissions.
What's worse, it didn't even contain the advertised calculator. Instead, installing it gave the extension the ability to "read and change" all data on websites visited by the user. Analysis further revealed a set of malicious scripts that create a proxy and intercept website requests.
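The permission signs described above can be checked mechanically before an extension is installed or allow-listed. The following is an added example, not code from Malwarebytes or the original article: it audits an extension manifest for all-site host access and for proxy and request-interception permissions. The function name and both sample manifests are constructed for illustration and are not iCalc's actual manifest.

```javascript
// Added example: audit a Chrome extension manifest for overly broad permissions.

// Host patterns that trigger Chrome's "read and change all your data on the
// websites you visit" install warning.
const ALL_SITES = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// API permissions relevant to proxying and request interception.
const RISKY_APIS = new Map([
  ["proxy", "can set the browser's proxy configuration"],
  ["webRequest", "can observe network requests"],
  ["webRequestBlocking", "can block or modify requests in flight (Manifest V2)"],
]);

function auditManifest(manifest) {
  const findings = [];
  // Manifest V2 mixes host patterns into "permissions";
  // Manifest V3 lists them separately under "host_permissions".
  const declared = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
  ];
  for (const p of declared) {
    if (ALL_SITES.has(p)) findings.push({ item: p, why: "access to every site" });
    else if (RISKY_APIS.has(p)) findings.push({ item: p, why: RISKY_APIS.get(p) });
  }
  // A content script matched against every page grants the same reach.
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) {
      if (ALL_SITES.has(m)) {
        findings.push({ item: `content_scripts:${m}`, why: "script injected into every page" });
      }
    }
  }
  return findings;
}

// Constructed sample: a "calculator" that asks for far more than it needs.
const sampleManifest = {
  manifest_version: 2,
  name: "Example Calculator",
  permissions: ["proxy", "webRequest", "webRequestBlocking", "<all_urls>", "storage"],
  background: { scripts: ["background.js"] },
};

// Constructed sample: what a real calculator would plausibly declare.
const benignManifest = { manifest_version: 3, name: "Plain Calculator", permissions: ["storage"] };

console.log(auditManifest(sampleManifest));
console.log(auditManifest(benignManifest));
```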
Shortly after Google removed the extension, Malwarebytes observed the same malvertising campaign being used to force a different variant of the Chrome extension, this time redirecting unwitting users to a social networking website.
"Chrome extensions are very much like Android apps as they require certain permissions (access to your contacts, microphone and camera) and unfortunately more often than not they require more rights than they ought to have," said Segura.
"Additionally, a lot of people don't really understand what those mean and will install these extensions and forget about them."
Segura also revealed that typical adware players are increasingly pushing rogue extensions using techniques including offering free coupons, recipes and even video content.
"Often their motivation is to harvest your browsing habits and resell them to marketing companies to target you with ads," he said.
It was revealed last year that malvertising was on the rise and is increasingly being used by cyber criminals to exploit flaws in popular software such as Adobe Flash.