Google Chrome extensions stole browsing data in widest-reaching malware campaign ever

Google Chrome has been used to transmit spyware through malicious extensions for the browser that were downloaded 32 million times, according to researchers at Awake Security.

The researchers alerted Google, who removed over 70 pieces of software from its official Chrome Web Store.

Most of the free extensions purported to warn users about questionable websites or convert files from one format to another.

Instead, they siphoned off browsing history and data that provided credentials for access to internal business tools.

It is the widest-reaching Chrome store campaign to date, according to Awake Security’s chief scientist Gary Golomb.

It is unclear who is responsible for this campaign, however, as developers supplied fake contact information when they submitted the extensions to Google.

The extensions were designed to avoid detection by antivirus companies or security software that evaluates the reputations of web domains.

“This shows how attackers can use extremely simple methods to hide, in this case, thousands of malicious domains,” Golomb said.

“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” Google spokesperson Scott Westover said.

Google declined to discuss how the latest spyware compared with prior campaigns, the breadth of the damage, or why it did not detect and remove the bad extensions on its own despite past promises to supervise offerings more closely.

All the domains used were purchased from a registrar in Israel, Galcomm, also known as CommuniGal Communication.

“Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” Fogel wrote. “You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can.”

Fogel also claimed that there were no records of inquiries from Awake Security, and asked for a list of suspected domains. Upon being provided with a list, Fogel did not provide further clarification.

Awake Security says the company should have been aware of the actions being undertaken.

The Internet Corp for Assigned Names and Numbers, which oversees registrars, said it had received few complaints about Galcomm over the years, and none about malware.

Additional reporting by Reuters
