Malicious extensions target Chrome users

Google removed more than 70 malicious add-ons from Chrome as a result

Researchers at Awake Security told Reuters a recently discovered spyware campaign attacked users via 32 million downloads of extensions from Google’s Chrome web browser. More than 70 of the malicious add-ons were removed after Awake Security researchers alerted Google of the issue last month.

According to Awake Security, the free extensions used in the campaign claimed to warn users about questionable websites or assist them with converting files into different formats. Instead, the extensions obtained a user’s browsing history and data in an attempt to secure credentials used to access internal corporate tools. 

Based on the number of downloads, Awake Security co-founder and chief scientist Gary Golomb states this campaign marks the farest-reaching malicious Chrome store campaign to date. At this time, however, Google has declined to discuss how this campaign compares with those before it, the extent of the damage this particular campaign has caused or why the tech giant couldn’t detect and remove the extensions on its own.

Google spokesman Scott Westover told Reuters, “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.”

While it remains unclear who was behind the malware campaign, Awake Security tracked the domains used to register the extensions back to Galcomm, a registrar in Israel also formally known as CommuniGal Communication Ltd. Though Awake Security claims Galcomm should have known what was taking place after Golomb reported the problem to them, Galcomm owner Moshe Fogel was steadfast in telling Reuters his company is not at fault.

“Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” Fogel told Reuters in an email. 

Fogel claims to have no record of Golomb’s inquiries or reports, and when asked by Reuters to provide a list of suspect domains he was unable to provide a substantive response.

Malicious developers have been using Google’s Chrome Store as a means to distribute their campaigns for some time now. In 2018, Google claimed it would improve security related to Chrome add-ons. However, in February, independent researcher Jamila Kaya and Cisco Systems’ Duo Security discovered a similar Chrome campaign using fraudulent extensions had stolen data from 1.7 million users.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Dell Latitude Chromebook 7410 review: A security-conscious Chromebook with no staying power
Laptops

Dell Latitude Chromebook 7410 review: A security-conscious Chromebook with no staying power

7 Apr 2021
Acer Chromebook 714 review: Unfussy, affordable and effective
Laptops

Acer Chromebook 714 review: Unfussy, affordable and effective

19 Mar 2021
Chrome vs Firefox vs Microsoft Edge
web browser

Chrome vs Firefox vs Microsoft Edge

26 Feb 2021
HP Pro c640 Chromebook review: Nailing the basics
Laptops

HP Pro c640 Chromebook review: Nailing the basics

15 Jan 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021