The massive spying campaign targeting Chrome users was exposed by researchers at Awake Security.
Over the past few months, we’ve reported several times on how threat actors have been targeting Google Chrome users through malicious extensions. It turns out the game continues, with another similar incident reported just recently.
Awake Security discovered 70 new malicious Chrome extensions with over 32 million downloads in total. To put that number into perspective, according to Gary Golomb, co-founder and chief scientist of Awake, this is the largest malicious campaign targeting Chrome to date.
According to the firm, these extensions posed as tools meant to convert files between different formats. In actuality, however, they were stealing users' browsing history and trying to gain access to any sensitive credentials they could get their hands on.
They managed to evade detection through techniques such as not targeting corporate networks, where they could have come to the attention of cybersecurity firms who may have reported them.
As for the culprits behind this, the contact information provided to Google upon the initial submission of the Chrome extensions was found to be fake.
Meanwhile, the data collected was being sent to more than 15,000 domains that were registered through an Israeli-based company called Communigal Communication Ltd. The firm, though, rejected the notion that it was somehow involved in the attack campaign, with its owner specifically telling Reuters the following:
Galcomm is not involved, and not in complicity with any malicious activity whatsoever. You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can.
To conclude, users need to continue being wary of the tools and applications they use and allow to access their content. A good strategy is to evaluate the developers and carefully read the reviews listed.
This, nonetheless, is not foolproof, and there will always be room for mistakes. On the other hand, Google needs to ask itself why such incidents persist when there are enough precedents that should have helped it tackle the issue at hand.
That said, the company’s response is no doubt on point, with a statement from the company best reflecting this:
When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.
Fortunately, these extensions were live only until May 2020, when they were finally reported to Google by the researchers and removed from the Chrome store.