Malicious extensions target Chrome users

Google removed more than 70 malicious add-ons from Chrome as a result

Researchers at Awake Security told Reuters that a recently discovered spyware campaign attacked users through 32 million downloads of extensions for Google’s Chrome web browser. More than 70 of the malicious add-ons were removed after Awake Security researchers alerted Google to the issue last month.

According to Awake Security, the free extensions used in the campaign claimed to warn users about questionable websites or assist them with converting files into different formats. Instead, the extensions obtained a user’s browsing history and data in an attempt to obtain credentials used to access internal corporate tools.

Based on the number of downloads, Awake Security co-founder and chief scientist Gary Golomb states this campaign marks the most far-reaching malicious Chrome store campaign to date. At this time, however, Google has declined to discuss how this campaign compares with those before it, the extent of the damage this particular campaign has caused, or why the tech giant couldn’t detect and remove the extensions on its own.

Google spokesman Scott Westover told Reuters, “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.”

While it remains unclear who was behind the malware campaign, Awake Security tracked the domains used to register the extensions back to Galcomm, a registrar in Israel also formally known as CommuniGal Communication Ltd. Though Awake Security claims Galcomm should have known what was taking place after Golomb reported the problem to them, Galcomm owner Moshe Fogel was steadfast in telling Reuters his company is not at fault.

“Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” Fogel told Reuters in an email. 

Fogel claims to have no record of Golomb’s inquiries or reports, and when asked by Reuters to provide a list of suspect domains he was unable to provide a substantive response.

Malicious developers have been using Google’s Chrome Store as a means to distribute their campaigns for some time now. In 2018, Google claimed it would improve security related to Chrome add-ons. However, in February, independent researcher Jamila Kaya and Cisco Systems’ Duo Security discovered that a similar Chrome campaign using fraudulent extensions had stolen data from 1.7 million users.
