Watch out! ‘The Great Suspender’ Chrome extension contains Malware

Pierluigi Paganini February 06, 2021

Google removed the popular The Great Suspender from the official Chrome Web Store for containing malware and deactivated it from the users’ PC.

Google on Thursday removed The Great Suspender extension from the Chrome Web Store. Million of users have installed the popular Chrome extension, the IT giant also took the proactive measure of deactivating it from users’ computers.

The extension had more than two million installs before it was removed from the Chrome store. The extension was used to suspend tabs that aren’t in use with the intent of saving resource. The extension replaces the suspended pages with a blank page until the users decide to use it again.

“This extension contains malware,” read the notification published by Google.

Experts discovered that a new maintainer of the extensions has secretly added a feature that could be exploited to remotely execute arbitrary code.

The malicious code could be exploited to carry out malicious activities, such as committing advertising fraud.

“The old maintainer appears to have sold the extension to parties unknown, who have malicious intent to exploit the users of this extension in advertising fraud, tracking, and more. In v7.1.8 of the extension (published to the web store but NOT to GitHub), arbitrary code was executed from a remote server, which appeared to be used to commit a variety of tracking and fraud actions. After Microsoft removed it from Edge for malware, v7.1.9 was created without this code: that has been the code running since November, and it does not appear to load the compromised script. The malicious maintainer remains in control, however, and can introduce an update at any time. Well, they could until Google nuked the extension from their store.” reads a post published by Calum McConnell on GitHub. “The Great Suspender has been removed from the Chrome Web Store.” 

Microsoft blocked The Great Suspender extension since November for the presence of malicious code.

The extension’s original creator Dean Oemcke sold the extension in June 2020 to an unidentified party, since then the new maintainer uploaded two new versions on the Chrome store, 7.1.8 and 7.1.9.

If you have lost tabs due to the extension being removed read the following post:

“The extension comes with its own tab history management UI to help users recover from lost tabs. Go to the extension options page (from ‘settings’ in the popup or ‘options’ when right-clicking on the extension). Then in the settings sidebar click on ‘Session management’. This will show you your most recent tab sessions. You can click on each session to see more detail on the individual windows and tabs it contains. To reload a session, simply click the ‘reload’ link. This will reload all windows and tabs in an ‘unsuspended’ state. If your session contains a very large number of tabs, then you might instead want to click ‘resuspend’ which will be much faster as it reloads the tabs in a suspended state.”

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Chrome)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment