Google Chrome users who frequently install browser extensions must read this!
Not all Google Chrome extensions are created equal. Some are potentially dangerous. Very dangerous. Researchers at Awake Security (via Reuters) have uncovered what is being claimed to be the most far-reaching spyware campaign on Google Chrome ever, with hackers distributing malware under the guise of browser extensions.
While the extent of the damage is unknown, the researchers said the infected extensions were downloaded 32 million times. Google said it had removed more than 70 malicious extensions, possibly involved in the spyware campaign, from the Chrome Web Store after Awake raised a red flag last month.
The researchers said most of these extensions were free and, on the surface, were designed to warn users about harmful websites or convert file formats. Clearly, the hackers picked the most basic (and most popular) use cases to carry out their nefarious activities. Once installed, the extensions were capable of keeping tabs on users’ browsing history and other private data. What made matters worse was that these malicious extensions were “smart” enough to know whether users had antivirus software or stricter security protocols in place. This meant casual users at home were at greater risk of falling victim than corporations and businesses.
All these extensions would connect to a network of more than 15,000 websites linked to each other and then transmit, or rather steal, user information. The researchers said the malicious domains were purchased from Israel-based Galcomm (formerly CommuniGal Communication). Galcomm, meanwhile, said it had done nothing wrong.
Because the developers behind the Chrome extensions used fake contact information while submitting them to the Chrome Web Store, tracking them down would be easier said than done for Google.
Such spyware campaigns aren’t new for Chrome. In fact, there was a time when one in every 10 extension submissions was deemed malicious, but it’s baffling that a campaign of such scale is happening now, after Google claimed to have ramped up security in 2018.