According to security firm Awake, Google Chrome extensions that were downloaded more than 30 million times from the Chrome Web Store have been stealing sensitive user data. The firm reported that the security measures aren't strict enough, which puts users at risk.
Google removed the extensions after the security firm privately notified it of their malicious behavior. According to the firm, the extensions actively grabbed data such as keystrokes (for example, credit card information), browser cookies used to log in to different sites, clipboard content, and screenshots.
The majority of the malicious extensions were modular, meaning that once a user installed them, they would update themselves using executable files. Most of the modular extensions were specific to the operating system they ran on.
Details Surrounding The Malicious Google Chrome Extensions
Researchers from Awake found that every malicious extension they discovered was connected to Internet domains registered through Israel-based GalComm. Eventually, they found a bit more than 15,000 Internet domains registered through GalComm, all of which hosted suspicious and malicious behavior. Every malicious domain used different techniques to avoid being identified as malicious by security checks.
Awake thoroughly analyzed over a hundred networks across retail, health care and pharmaceuticals, media and entertainment, oil and gas, financial services, and a few other industries. It found that whoever was responsible for the malicious extensions had a persistent foothold in most of the fields mentioned above.
The cybercriminals behind the malicious extensions took advantage of Google and a domain registrar accredited by the Internet Corporation for Assigned Names and Numbers. They also evaded detection by security specialists, which highlights how tech companies are failing to safeguard security on the Internet.
Awake stated that it is vital for people to trust the Internet and the infrastructure that makes it up. When criminals exploit essential components of the Internet, such as browsers, domain registration, and others, it undermines that trust and puts consumers and organizations alike at risk.
The malicious extensions posed as document readers, security enhancements, file converters, and more. If you're interested in which extensions Awake reported to be malicious, check out the full report here.
Malicious Google Chrome Extensions Aren't A Rare Occurrence
Malicious extensions being used against Google Chrome users while hosted on Google's servers are not a rare occurrence.
According to an Ars Technica article from last year, the browsing histories of more than 4 million users were openly published on a paid analytics site. These browsing histories were collected by extensions.
For many years, dozens upon dozens of reports of malicious Google Chrome extensions have been cropping up. The most recent one only came up a few months ago in February.
Read on for how #Chrome Extensions evade detection and steal your data! https://t.co/wAUliEHBsd — Awake Security (@AwakeSecurity) June 18, 2020