
Awake Security identified 111 malicious Chrome extensions by the end of February and the end of May 2020 that had been downloaded almost 33 million times.

Google Chrome is a cross-platform web browser developed by Google and has 2 billion users around the world.

Most extensions purported to warn users about dangerous websites, improve web searches, and convert file formats.

According to cybersecurity firm Awake, based in Santa Clara (California, USA), the developers gave Google fake contact information when submitting the extensions to the Chrome Web Store.

“Anything that gets you into somebody’s browser or email or other sensitive areas would be a target for national espionage as well as organised crime,” said former National Security Agency engineer Ben Johnson.

The extensions actively siphoned data such as screenshots, clipboard contents, browsing history, keystrokes (to steal passwords), and browser cookies used to log in to websites.

The extensions were designed to avoid detection by antivirus companies or security software that evaluates the reputation of web domains.

Image: Google Chrome (Source: Awake Security)

Researchers found that the browser of anyone surfing the web on a home computer would connect to a series of websites and transmit sensitive information.

Most of the extensions were modular, meaning that once installed they updated themselves with executable files.

Those using Chrome on corporate networks, however, were safe as the extensions would not send the data or even connect to the malicious websites.

Awake analysed more than 100 networks ranging from financial services, oil and gas, media and entertainment, health care and pharmaceuticals, and retail, and found that the actors behind the activities had established a foothold in almost all of the fields.

There were more than 15,000 malicious domains used, all of which were registered through a small registrar in Israel called Galcomm.

“Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” said Galcomm owner Moshe Fogel. “You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can.”

“This shows how attackers can use extremely simple methods to hide, in this case, thousands of malicious domains,” said Golomb.

Google has deactivated the Chrome extensions in each user’s browser. Users can visit the chrome://extensions page and check if any malicious extensions are installed and remove them from their browsers.
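The same check can be scripted across many machines. The following is an added example, not code from Awake Security or Google: it walks a Chrome profile's Extensions folder (on-disk layout <profile>/Extensions/<id>/<version>/manifest.json), flags any extension ID found on a blocklist you supply, and lists permissions that correspond to the data types described above. The blocklist ID, extension names and the choice of "risky" permissions are assumptions made for illustration; the article does not list the 111 extension IDs.

```python
import json
import tempfile
from pathlib import Path

# Assumption: manifest permissions that map to the data types the article
# says were siphoned (clipboard, cookies, history, access to every page).
RISKY = {"clipboardRead", "cookies", "history", "<all_urls>"}

def audit_extensions(ext_root, blocklist=frozenset()):
    """Return one finding per <id>/<version>/manifest.json under ext_root."""
    findings = []
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = {}  # unreadable manifest: still report the ID
        if not isinstance(data, dict):
            data = {}
        perms = set()
        for key in ("permissions", "host_permissions", "optional_permissions"):
            value = data.get(key)
            if isinstance(value, list):
                perms.update(p for p in value if isinstance(p, str))
        findings.append({
            "id": ext_id,
            "name": data.get("name", "?"),
            "version": data.get("version", manifest.parent.name),
            "blocklisted": ext_id in blocklist,
            "risky_permissions": sorted(perms & RISKY),
        })
    return findings

def demo():
    """Audit a constructed Extensions tree (sample data, not real indicators)."""
    bad_id = "a" * 32  # placeholder ID standing in for a published indicator
    samples = [
        (bad_id, "Constructed File Converter", ["cookies", "history", "<all_urls>"]),
        ("b" * 32, "Constructed Notes", ["storage"]),
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, name, perms in samples:
            d = Path(tmp, ext_id, "1.0_0")
            d.mkdir(parents=True)
            (d / "manifest.json").write_text(
                json.dumps({"name": name, "version": "1.0", "permissions": perms}))
        return audit_extensions(tmp, blocklist={bad_id})

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A broad permission set alone does not make an extension malicious; treat it as a reason to review the extension, and treat a blocklist match as a reason to remove it.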
