Google removes 70 malicious Chrome extensions that tracked user data and browsing history

One of the best things about the Google Chrome browser is the wide variety of extensions at your disposal. These extensions can go a long way in making your web browsing experience better. However, as we’ve seen in the past, extensions can be malicious, especially if they’re given broad access to monitor your activity on all websites, and Google isn’t always quick to catch them. Recently, Google removed 70 such extensions, but not before they were downloaded 32 million times from the Chrome Web Store as of May 2020.

According to a report by Reuters, researchers at Awake Security discovered a large spyware campaign through Chrome extensions. Developers of the 111 malicious or fake extensions disguised their identities with false information, and the tools were designed to circumvent antivirus software. The extensions were able to send user data and browsing history through a network of more than 15,000 malicious domains, which all happened to be bought from a single registrar in Israel. The company, called Galcomm, denies having anything to do with the malicious activity.

Summary of malicious domains uncovered by Awake Security. Source: Awake Security.

Since the initial report, Awake Security has published the full list of Chrome extensions that were removed, identified by their extension IDs. Most of these extensions were advertised as tools that warn users about questionable websites or convert files, but were instead taking screenshots, reading the clipboard, harvesting credential tokens from cookies or parameters, grabbing user keystrokes, and more. The researchers claim this was the most far-reaching malicious Chrome store campaign to date.

An example of a lure to install a malicious Chrome extension. Source: Awake Security.

Google has given its typical response to these situations, saying it does routine security sweeps and removes malicious extensions when necessary. This isn’t the first time developers have used Chrome extensions for malicious reasons and it won’t be the last. Google has said it would improve security, but as mentioned, this was the largest campaign to date. They clearly still have their work cut out for them.

Source: Awake Security | Via: Reuters