Google has removed several dozen malicious extensions from the Chrome Web Store that could alter search results, distribute spam, or insert unwanted advertisements. Collectively, these extensions have been downloaded and installed 75 million times.

The malware was first discovered by cybersecurity researcher Volodymyr Palant. During the analysis of the PDF Toolbox extension, the expert discovered that it contains secret code that allows optional JavaScript code to be added to any site the user visits. The code is activated 24 hours after the extension is installed; this is typical behavior of this type of malware.

Palant later discovered 17 more similar malicious extensions. Avast researchers have been added to the list and as a result 32 malicious extensions have been discovered. Among the most popular of these are Autoskip for YouTube with 9 million active users, Soundboost with 6.9 million and Crystal Ad block with 6.8 million.

Google stated that these extensions have already been removed from the Chrome Web Store. Although the extensions have been removed from the store, they are under attack until users manually remove them from their computers. The full list of malicious extensions can be found here.