Most extensions are created to alert users about risky web sites, improving search on the Internet and convert the file formats. However, in actuality, they were stealing the browsing history of users and trying to gain access to any sensitive credentials they could get their hands on.
As of now, it is unclear who is behind the massive malware attack as it turned out that the developers supplied fake contact information to Google when they were submitting the extensions.
The extensions were also able to avoid the detection of antivirus companies and security software.
The release of the deep linking Chrome extension wasn't the only big news for users of the browser this week.
The safety professionals have called it the "most far-ranging destructive Chrome store campaign" ever before, as well as it had been ignored by Google.
Anyone using a corporate network, which would include security services, would not transmit the sensitive information or even reach the malicious versions of the websites.
Researchers from Awake found out that every malicious extension that they found was connected to Israel-based GalComm Internet domains. Awake researchers think Galcomm should have known what was happening, but the company's owner Moshe Fogel told Reuters the company did nothing wrong, and it's not involved in any way. Google has taken action against these most popular and widely downloaded Google Chrome extensions or add-ons, but the extent of the espionage campaign is still being ascertained.
It claims to offer "security you never have to think about".
Fogel said there clearly was no record of the inquiries Golomb said that he made in April and again in May to the business's email address for reporting abusive behavior, and he asked for a listing of suspect domains.
This experiment is a good start as many people blindly install extensions without understanding the risks behind them. Google said in 2018 it would improve the security and increase human review, but that did not prevent the spyware that Awake Security to sneak past them. That company says they have nothing to do with the nefarious activity, but it's been suggested that they should have at least questioned the suspect purchases. In February this year, the company joined an ongoing investigation and found 500 fraudulent extensions that stole data from about 1.7 million users. That information comes from the Awake co-founder, and chief scientist, Gary Golomb.
- British Police Arrest Libyan Man after Knife Attack in Reading
- Defectors prepare packages to send to N Korea despite tensions
- Apex Legends Is Getting Cross-Play Across All Platforms This Fall
- Modi denies Chinese incursion into India before deadly clash
- First gameplay trailer released for Star Wars Squadrons
- Cream of Wheat to review use of chef mascot on packaging
- IOS Tipped to Be Renamed to iPhoneOS Ahead of WWDC 2020
- Pakistani cities to witness ring of fire solar eclipse on June 21
- Apple Rejects Facebook Gaming App on iOS App Store
- Dame Vera Lynn, much loved British singer, dies aged 103