Over 100 Malicious Google Chrome Extensions Found Spying On Users


Once again, cybercriminals have stealthily preyed on millions of Google users. Reportedly, Google removed numerous malicious Chrome extensions after researchers found them stealing users’ data.

Malicious Google Chrome Extensions

Researchers from the Awake Security Threat Research Team have published a detailed report highlighting their recent findings. As revealed, they found more than a hundred malicious Google Chrome extensions stealing users’ data.

Summarizing their findings in a blog post, Awake stated that they found 111 different Chrome extensions with suspicious or malicious activity. Together, these extensions boasted over 33 million downloads, hinting at the number of users potentially affected by this incident.

In brief, these malicious extensions posed as add-ons belonging to different domains. Once installed, they kept stealthily spying on users and stealing their data through various methods. As stated by the researchers,

“These extensions can take screenshots, read the clipboard, harvest credential tokens stored in cookies or parameters, grab user keystrokes (like passwords), etc.”

What let them persist for so long was the range of evasion techniques the extensions employed to slip past security solutions. Consequently, the threat actors managed to establish a ‘persistent foothold’ on almost all networks.

Besides existing on the Chrome Store, many of these extensions also reached end-users’ devices via other means.

Investigating the matter further, the researchers identified the threat actors behind this campaign: the Israel-based domain registrar GalComm.

Briefly, this registrar registered thousands of domains, including 15,160 malicious domains. That makes about 60% of all GalComm-registered domains malicious.

They then used these domains to distribute malicious extensions among the users. Researchers have shared the complete list of IDs of all these Chrome add-ons.
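As an added example (not from the researchers' report or this article), here is one way a defender could check a Chrome profile against such a published ID list. It assumes Chrome's on-disk layout of `Extensions/<id>/<version>/manifest.json` under the profile directory and a list file with one ID per line; the IDs and profile in `demo()` are constructed placeholders.

```python
import json
import re
import tempfile
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"[a-p]{32}")

def load_blocklist(text):
    """Parse a published ID list: one ID per line, '#' comments allowed."""
    ids = set()
    for line in text.splitlines():
        token = line.split("#", 1)[0].strip().lower()
        if EXT_ID.fullmatch(token):
            ids.add(token)
    return ids

def installed_extensions(profile_dir):
    """Yield (id, version, manifest) for each extension unpacked in a profile."""
    for path in sorted((Path(profile_dir) / "Extensions").glob("*/*/manifest.json")):
        ext_id, version = path.parts[-3], path.parts[-2]
        if not EXT_ID.fullmatch(ext_id):
            continue
        try:
            manifest = json.loads(path.read_text("utf-8-sig"))
        except (OSError, ValueError):
            manifest = {}  # unreadable manifest: still report the ID
        yield ext_id, version, manifest

def audit(profile_dir, blocklist):
    """Return findings for installed extensions whose ID is on the blocklist."""
    return [
        {"id": i, "version": v, "name": m.get("name", "?"),
         "permissions": m.get("permissions", [])}
        for i, v, m in installed_extensions(profile_dir) if i in blocklist
    ]

def demo():
    """Build a constructed profile with one listed and one unlisted extension."""
    bad, good = "a" * 32, "b" * 32  # constructed placeholder IDs, not real ones
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, name in ((bad, "Listed"), (good, "Unlisted")):
            d = Path(tmp) / "Extensions" / ext_id / "1.0_0"
            d.mkdir(parents=True)
            (d / "manifest.json").write_text(json.dumps(
                {"name": name, "permissions": ["cookies", "clipboardRead"]}))
        return audit(tmp, load_blocklist(f"# constructed list\n{bad}\n"))

if __name__ == "__main__":
    print(demo())
```

Point `audit()` at each real profile directory (for example `Default` under the browser's user data directory) with the researchers' published list loaded through `load_blocklist()`.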

Google Removed 106 Extensions

Upon discovering the range of malicious domains, the researchers reached out to Google to inform them of the matter.

Following their report, Google removed about 106 of these extensions from the Chrome Store. Quoting a statement from Google spokesperson Scott Westover, Threatpost stated,

“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.”

As always, users should remain very careful before downloading or installing any browser add-on or app from untrusted sources.

Let us know your thoughts in the comments.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
