Google Confirms Malicious Chrome Extensions With 30M Downloads That Steal User Data
According to Awake, a security firm, there are Google Chrome extensions that have been downloaded more than 30 million times from the Chrome Web Store that have been stealing sensitive user data. They reported that the security measures aren't strict enough, which is causing users to be at risk.
Google removed the Google Chrome extensions after the security firm privately notified Google of their malicious behavior. These malicious extensions actively grabbed data like keystrokes such as credit card information, browser cookies that are used to log in to different sites, clipboard content, and screenshots. This is information that the security firm shared.
The majority of the malicious extensions were modular, which means they would update themselves once a user installed them using executable files. Most of the modular extensions were specific to the operating system that they were ran on.
Details Surrounding The Malicious Google Chrome Extensions
Researchers from Awake found out that every malicious extension that they found was connected to Israel-based GalComm Internet domains. Eventually, a bit more than 15,000 Internet domains that are registered through GalComm and they all hosted suspicious and malicious behavior. Every malicious domain used different techniques to evade being identified as a malicious domain by security checks.
Awake thoroughly analyzed over a hundred networks across retail, health care and pharmaceuticals, media and entertainment, oil and gas, financial services, as well as a few other industries. It was found out that whoever was responsible for the malicious extensions had a persisting hold on in most of the fields mentioned above.
The cybercriminals behind the malicious extensions took advantage of Google and a domain register that the Internet Corporation for Assigned Names and Numbers accredited. They also evaded detection from security specialists, which brings to light how tech companies are failing at safeguarding security on the Internet.
Awake stated that people trusting the Internet and the infrastructure making it up is vital. When criminals exploit essential components of the Internet, such as browsers, domain registration, and others, it hinders the trust people have in it and it's a risk to consumers and organizations all the same.
The malicious extensions posed as document readers, security enhancements, file converters, and more. If you're interested in what extensions Awake reported to be malicious, check out the full report here.
Malicious Google Chrome Extensions Aren't A Rare Occurrence
Malicious extensions being used maliciously against users of Google Chrome while the extensions are hosted on Google's server aren't something that rarely happens.
According to an article from Ars Technica last year, they reported that there were more than 4 million users' browsing histories that were openly published on an analytics site you have to pay for. These browsing histories were collected by extensions.
For many years, dozens upon dozens of reports of malicious Google Chrome extensions have been cropping up. The most recent one only came up a few months ago in February.
Read on for how #Chrome Extensions evade detection and steal your data! https://t.co/wAUliEHBsd — Awake Security (@AwakeSecurity) June 18, 2020
Major Firms Having Problems: Is Cloud Security Safe?
Many cloud server providers are currently experiencing security breaches.
Why Should You Update Your Google Chrome? Is Microsoft Edge Better?
Now comes the hard decision, should you switch to Google Chrome or maintain Microsoft Edge? Here are a few tips to help you decide.
[New Feature] Android Google Chrome Adds an Automatic Dictionary : Here's How to Use it
Learn how to use Google's latest feature that gives automatic definition with a single tap.
FaceApp Privacy Concerns Resurrect Amid New Gender-Bending Feature Craze: Here's Why It's Safe [and Maybe Not]
Warning! Could the new Russian Faceapp be stealing your data?
Chrome Users Watch Out! Google Confirmed Serious New Issues With Windows 10 Release: Here's How to Fix
Google Chrome is considered one of the most popular browsers that people use next to Safari and up-and-coming Microsoft Edge. But with the release of the Windows 10 May 2020 Feature Update comes also a number of problems and issues as well.
MORE IN ITECHPOST
VR-Controlled Robots Stocking Shelves in Japan Convenience Stores
In a certain chain of Japanese convenience stores, robots that are controlled by people in VR will be stocking shelves instead of regular employees.
Spotted in Deep Space: Never Before Seen Four Mystery Objects
A few mysterious objects that haven't been seen until now have recently been spotted in deep space thanks to massive radio telescopes.
Learn the Ropes of Assembling a Car Like a Mechanic in Wrench
You can read all the manuals and watch hours of video, but nothing beats hands-on wrench-turning experience if you want to get better at understanding how your car works.