Google Chrome Removed Malicious Extensions Used in Payrolls, Emails, and Other Sensitive Functions

Thousands of Google Chrome extensions or web browser add-ons have helped millions of Chrome users in various activities, including creating payrolls, emails, and other sensitive functions.

But it turns out 111 of these extensions are being used in a massive spying campaign, and millions of users might have been affected.

Image: A security company has found over 100 Google Chrome extensions that spy on users. (Deepanker Verma from Pixabay)

Security Company Found Malicious Google Chrome Extensions

In a report by Reuters, researchers from Awake Security said they had found a spyware effort that attacked Google Chrome users through extensions downloaded by 32 million people.

They also highlighted the internet giant's failure to protect its users, particularly because the extensions were mainly used for functions that involve sensitive information, which could be leaked.

The researchers alerted Google last month, and since then, the company has removed over 70 of these malicious web browser extensions from its official Chrome Web Store.

"When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses," said Scott Westover, a Google spokesperson.

The Biggest Spying Campaign

According to Gary Golomb, Awake's co-founder and chief scientist, this was the largest malicious Chrome store campaign to date, judging by the sheer number of downloads these extensions had.

Most of these malicious extensions were used by Chrome users to convert files from one format to another, or purported to warn users about questionable websites.

However, they would siphon off users' browsing data and history, from which the operators could acquire credentials giving them access to internal business tools.

As of now, it is unclear who is behind the massive malware attack, as the developers supplied fake contact information to Google when submitting the extensions.

However, according to CNN, researchers at Awake said they linked the extensions associated with the massive spying campaign back to Galcomm, an Israeli web hosting company that claimed to be managing about 250,000 browser domains.

"By exploiting the trust placed in it as a domain registrar, Galcomm has enabled malicious activity that has been found across more than a hundred networks we've examined," Awake wrote.

CNN reached out to Galcomm, but its owner denied all allegations that the company had anything to do with the attack on Google Chrome and its users.

Galcomm Says They Did Nothing Wrong

Moshe Fogel, the owner of Galcomm, remains adamant that the company has done nothing wrong and is "not in complicity with any malicious activity whatsoever," and that it is cooperating with security bodies and law enforcement to avoid such scenarios.

Fogel also claimed there is no record of the inquiries that, according to Golomb's statements, were made in April and in May.

He also asked for a list of the suspected domains, said that the majority of those on the list are inactive, and added that the company is investigating the situation further.

The extensions were also able to avoid the detection of antivirus companies and security software.

"Anything that gets you into somebody's browser or email or other sensitive areas would be a target for national espionage as well as organized crime," said Ben Johnson, a former National Security Agency engineer.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.