Google removes 106 slightly too curious Chrome extensions

Google continues its great spring cleaning. The American giant has just deleted 106 malicious Chrome extensions, all caught red-handed collecting sensitive user data. These 106 extensions are part of a batch of 111 Chrome extensions that were identified as malicious in a report released today by the cybersecurity company Awake Security.

According to Awake, these extensions pose as tools to improve web searches, convert files to different formats, act as security scanners, and more. In reality, Awake says, they contained code that allowed them to bypass the security scanners of the Chrome Web Store, take screenshots, read the clipboard, collect authentication cookies, or capture user keystrokes (such as passwords).

Awake believes that all the extensions were created by a single actor, although the company has not yet identified that actor. The main connection between all the extensions was that they sent user data back to domains registered through the GalComm domain registrar.

A single source

In addition, Awake claims that many extensions also appeared to share the same graphics and the same code base, with slight modifications. In some cases, the extensions even had the same version number and descriptions, the company said in its report. Awake says that in May 2020, when it contacted Google, the 111 malicious extensions had been downloaded 32.9 million times.

Based on internal telemetry, Awake indicates that some of these extensions were found on the networks of “financial services, oil and gas, media and entertainment, healthcare and pharmaceuticals, retail, high technology, higher education and government organizations,” effectively acting as backdoors in private networks and spying tools – although there is no evidence that they were used as such.

The company has published the list of the 111 malicious extensions it identified. Harry Denley, director of security for the MyCrypto platform, provided ZDNet with the status of each extension. At the time of writing, only five of the 111 extensions reported by Awake to Google are still online at the Chrome Web Store. As is standard practice, Google has disabled the extensions in each user’s browser. They remain installed, but are disabled and marked as “malware” in the extensions section of the Chrome browser.


