Malicious extensions target Chrome users

Google removed more than 70 malicious add-ons from Chrome as a result

Researchers at Awake Security told Reuters a recently discovered spyware campaign attacked users via 32 million downloads of extensions from Google’s Chrome web browser. More than 70 of the malicious add-ons were removed after Awake Security researchers alerted Google of the issue last month.

According to Awake Security, the free extensions used in the campaign claimed to warn users about questionable websites or assist them with converting files into different formats. Instead, the extensions obtained a user’s browsing history and data in an attempt to secure credentials used to access internal corporate tools. 

Based on the number of downloads, Awake Security co-founder and chief scientist Gary Golomb states this campaign marks the farest-reaching malicious Chrome store campaign to date. At this time, however, Google has declined to discuss how this campaign compares with those before it, the extent of the damage this particular campaign has caused or why the tech giant couldn’t detect and remove the extensions on its own.

Google spokesman Scott Westover told Reuters, “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.”

While it remains unclear who was behind the malware campaign, Awake Security tracked the domains used to register the extensions back to Galcomm, a registrar in Israel also formally known as CommuniGal Communication Ltd. Though Awake Security claims Galcomm should have known what was taking place after Golomb reported the problem to them, Galcomm owner Moshe Fogel was steadfast in telling Reuters his company is not at fault.

“Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” Fogel told Reuters in an email. 

Fogel claims to have no record of Golomb’s inquiries or reports, and when asked by Reuters to provide a list of suspect domains he was unable to provide a substantive response.

Malicious developers have been using Google’s Chrome Store as a means to distribute their campaigns for some time now. In 2018, Google claimed it would improve security related to Chrome add-ons. However, in February, independent researcher Jamila Kaya and Cisco Systems’ Duo Security discovered a similar Chrome campaign using fraudulent extensions had stolen data from 1.7 million users.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Asus Chromebox 4 review: Capable, versatile, but not fast
Hardware

Asus Chromebox 4 review: Capable, versatile, but not fast

21 Jul 2021
Chrome vs Firefox vs Microsoft Edge
web browser

Chrome vs Firefox vs Microsoft Edge

7 Jul 2021
Lenovo IdeaPad Flex 5 Chromebook review: A dependable workhorse
Laptops

Lenovo IdeaPad Flex 5 Chromebook review: A dependable workhorse

30 Jun 2021
Acer Chromebook Spin 713 review: A high-end package with a budget price
Laptops

Acer Chromebook Spin 713 review: A high-end package with a budget price

28 Jun 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
IT Pro Panel: Why IT leaders need soft skills
professional development

IT Pro Panel: Why IT leaders need soft skills

26 Jul 2021