Malicious extensions target Chrome users

Google removed more than 70 malicious add-ons from Chrome as a result

Researchers at Awake Security told Reuters a recently discovered spyware campaign attacked users via 32 million downloads of extensions from Google’s Chrome web browser. More than 70 of the malicious add-ons were removed after Awake Security researchers alerted Google of the issue last month.

According to Awake Security, the free extensions used in the campaign claimed to warn users about questionable websites or assist them with converting files into different formats. Instead, the extensions obtained a user’s browsing history and data in an attempt to secure credentials used to access internal corporate tools. 

Based on the number of downloads, Awake Security co-founder and chief scientist Gary Golomb states this campaign marks the farest-reaching malicious Chrome store campaign to date. At this time, however, Google has declined to discuss how this campaign compares with those before it, the extent of the damage this particular campaign has caused or why the tech giant couldn’t detect and remove the extensions on its own.

Google spokesman Scott Westover told Reuters, “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.”

While it remains unclear who was behind the malware campaign, Awake Security tracked the domains used to register the extensions back to Galcomm, a registrar in Israel also formally known as CommuniGal Communication Ltd. Though Awake Security claims Galcomm should have known what was taking place after Golomb reported the problem to them, Galcomm owner Moshe Fogel was steadfast in telling Reuters his company is not at fault.

“Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” Fogel told Reuters in an email. 

Fogel claims to have no record of Golomb’s inquiries or reports, and when asked by Reuters to provide a list of suspect domains he was unable to provide a substantive response.

Malicious developers have been using Google’s Chrome Store as a means to distribute their campaigns for some time now. In 2018, Google claimed it would improve security related to Chrome add-ons. However, in February, independent researcher Jamila Kaya and Cisco Systems’ Duo Security discovered a similar Chrome campaign using fraudulent extensions had stolen data from 1.7 million users.

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

Improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

Asus Chromebook CX9 (CX9400CE) review: The most stylish Chromebook on the market
Laptops

Asus Chromebook CX9 (CX9400CE) review: The most stylish Chromebook on the market

18 Jan 2022
Chrome vs Firefox vs Microsoft Edge
web browser

Chrome vs Firefox vs Microsoft Edge

8 Dec 2021
Chromebook shipments plunge due to 'shift in demand'
Laptops

Chromebook shipments plunge due to 'shift in demand'

1 Nov 2021
Asus Chromebook CX1 (CX1100CN) review: A cut-price compromise
Laptops

Asus Chromebook CX1 (CX1100CN) review: A cut-price compromise

15 Oct 2021

Most Popular

Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022
Sony pulls out of MWC 2022
Business operations

Sony pulls out of MWC 2022

14 Jan 2022
UK businesses urged to join four-day working week trial
Business operations

UK businesses urged to join four-day working week trial

17 Jan 2022