Security Researchers Have Discovered A Huge Spying Effort Via Google Chrome

Awake Security researchers recently discovered a spyware effort that attacked people through over 32 million downloads of Google Chrome extensions. Google stated that it removed over 70 malicious add-ons from the Chrome Web Store after the researchers alerted the company last month.

Scott Westover, a Google spokesperson, told media outlets that the company takes action when it is alerted to extensions in the Web Store that violate Chrome's policies. The free extensions siphoned off users' browsing history and data that provided login credentials to internal business tools.

Gary Golomb, co-founder and chief scientist at Awake Security, stated that this is the most far-reaching malicious Chrome Web Store campaign. However, Google declined to provide details on how this spying effort compared with previous campaigns. The company also declined to explain why it did not detect and remove the bad extensions on its own.

It is still not known who was behind this spying effort. Awake stated that the developers supplied fake contact information when submitting the bad extensions to Google. Ben Johnson, founder of Carbon Black and Obsidian Security and a former National Security Agency engineer, stated that anything that gets you into the browser, email or other sensitive areas of other users will be a target for organized crime and national espionage.

Golomb explained that the developers designed these extensions to avoid detection by antivirus software. The researchers discovered that if a user ran the browser on a home PC, it would connect to various websites and transfer information.

Over 15,000 of the domains in question were interlinked, and they were purchased from Galcomm, a small registrar in Israel. Moshe Fogel, Galcomm's owner, told media outlets that the company is not involved in any malicious activity and that it will cooperate with law enforcement and security agencies.

ICANN (the Internet Corporation for Assigned Names and Numbers) stated that it received few complaints related to Galcomm in the past, and that it did not receive any complaint about malware. In 2018, Google stated that it would enhance security by increasing human reviews. However, in February 2020, Jamila Kaya and Cisco Systems' Duo Security discovered a Chrome campaign that stole data from approximately 1.7 million users. Then, Alphabet Inc's Google discovered 500 fraudulent extensions.


Photo: S3studio/Getty Images
