Google Chrome extensions spyware campaign targets 32 million users

Monday, 22 Jun, 2020

Most of the extensions were offered as tools to alert users about risky websites, improve search on the Internet, and convert file formats. In actuality, however, they were stealing users' browsing history and trying to gain access to any sensitive credentials they could get their hands on.

As of now, it is unclear who is behind the massive malware attack, because the developers supplied fake contact information to Google when they submitted the extensions.

The extensions were also able to avoid detection by antivirus companies and security software.

The release of the deep linking Chrome extension wasn't the only big news for users of the browser this week.

Following Awake's report, which was sent last month, Google took note of the matter and removed all the questionable extensions from the Chrome Web Store.

Security professionals have called it the "most far-ranging destructive Chrome store campaign" to date, and it had been ignored by Google.

Anyone using a corporate network, which would include security services, would not transmit the sensitive information or even reach the malicious versions of the websites.

Awake researchers found that every malicious extension they identified was connected to Israel-based GalComm Internet domains. Awake researchers think Galcomm should have known what was happening, but the company's owner, Moshe Fogel, told Reuters the company did nothing wrong and is not involved in any way. Google has taken action against these popular and widely downloaded Google Chrome extensions, or add-ons, but the extent of the espionage campaign is still being ascertained.

It claims to offer "security you never have to think about".

Fogel said there was no record of the inquiries Golomb said he made in April and again in May to the company's email address for reporting abusive behavior, and he asked for a list of suspect domains.

This experiment is a good start, as many people blindly install extensions without understanding the risks behind them. Google said in 2018 it would improve security and increase human review, but that did not prevent the spyware that Awake Security found from sneaking past. That company says it has nothing to do with the nefarious activity, but it's been suggested that it should have at least questioned the suspect purchases. In February this year, the company joined an ongoing investigation and found 500 fraudulent extensions that stole data from about 1.7 million users. That information comes from Awake co-founder and chief scientist Gary Golomb.