Proprietary · 2017-07-28 · 18 days · Adware, Ad Fraud

Infinity New Tab Chrome extension shipped malware

Part of the Chrome extension accounts shipped malware campaign

Infinity New Tab 3.12.3 was pushed through the Chrome Web Store after developer-account phishing in the 2017 extension hijacking spree.

Story

Infinity New Tab was one of the legitimate Chrome extensions affected by the 2017 developer-account phishing spree. Attackers used stolen Chrome Web Store credentials to publish a malicious update through the official extension channel.

The affected release was Infinity New Tab 3.12.3. Because the extension controlled the browser's new-tab experience, a compromised update had a natural place to influence searches, redirects, and advertising without needing to break out of the browser.

Proofpoint grouped the extension with the broader Chrome Web Store hijacking spree. The common mechanics were maintainer phishing, a legitimate extension listing, and remote JavaScript tied to shared ad-fraud and redirection infrastructure.

This leaf record preserves the Infinity New Tab version and store boundary. The campaign record carries the shared phishing domains, redirect infrastructure, and cross-extension behavior.

Affected Artifacts

Infinity New Tab

Chrome Web Store · Extension Package
Observed: 2017-07-28 to 2017-08-15
Compromised Versions:
  • 3.12.3
Fixed: Not listed

Incident Context

Motive: Financial Gain
Attribution: Group
Cause: Phishing
Transitive: No
Actor: Cybercriminal
User Impact: 1500000

Indicators


External References

Source record: proprietary/infinity-new-tab-chrome-extension/meta.yaml