Malicious extensions target Chrome users

Google removed more than 70 malicious add-ons from Chrome as a result

Chrome browser logo

Researchers at Awake Security told Reuters a recently discovered spyware campaign attacked users via 32 million downloads of extensions from Google’s Chrome web browser. More than 70 of the malicious add-ons were removed after Awake Security researchers alerted Google of the issue last month.

According to Awake Security, the free extensions used in the campaign claimed to warn users about questionable websites or assist them with converting files into different formats. Instead, the extensions obtained a user’s browsing history and data in an attempt to secure credentials used to access internal corporate tools. 

Based on the number of downloads, Awake Security co-founder and chief scientist Gary Golomb states this campaign marks the farest-reaching malicious Chrome store campaign to date. At this time, however, Google has declined to discuss how this campaign compares with those before it, the extent of the damage this particular campaign has caused or why the tech giant couldn’t detect and remove the extensions on its own.

Google spokesman Scott Westover told Reuters, “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.”

While it remains unclear who was behind the malware campaign, Awake Security tracked the domains used to register the extensions back to Galcomm, a registrar in Israel also formally known as CommuniGal Communication Ltd. Though Awake Security claims Galcomm should have known what was taking place after Golomb reported the problem to them, Galcomm owner Moshe Fogel was steadfast in telling Reuters his company is not at fault.

“Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” Fogel told Reuters in an email. 

Fogel claims to have no record of Golomb’s inquiries or reports, and when asked by Reuters to provide a list of suspect domains he was unable to provide a substantive response.

Malicious developers have been using Google’s Chrome Store as a means to distribute their campaigns for some time now. In 2018, Google claimed it would improve security related to Chrome add-ons. However, in February, independent researcher Jamila Kaya and Cisco Systems’ Duo Security discovered a similar Chrome campaign using fraudulent extensions had stolen data from 1.7 million users.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

HP Pro c640 Chromebook review: Nailing the basics
Laptops

HP Pro c640 Chromebook review: Nailing the basics

15 Jan 2021
Malware found on popular Facebook, Instagram and Vimeo browser extensions
malware

Malware found on popular Facebook, Instagram and Vimeo browser extensions

17 Dec 2020
Google sets a date for Chrome extension privacy revamp
web browser

Google sets a date for Chrome extension privacy revamp

10 Dec 2020
Is this the beginning of the end for Google?
Policy & legislation

Is this the beginning of the end for Google?

6 Dec 2020

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is the Raspberry Pi Pico?
Hardware

What is the Raspberry Pi Pico?

21 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021