One of the largest malicious campaigns targeting Chrome

Jun 19, 2020 05:09 GMT  ·  By
Attackers used various tactics to convince users to install the extensions, including dedicated pages
   Attackers used various tactics to convince users to install the extensions, including dedicated pages

Google has removed tens of extensions from the Chrome Web Store after a security company discovered they’ve been used for malicious practices, including spying on users and stealing their data.

Security firm Awake claims it came across a total of 111 malicious or fake Chrome extensions that were capable of taking screenshots, reading the clipboard, harvesting credentials, and monitor keystrokes.

Awake says this is one of the largest malicious campaigns aimed at Chrome users, and the impact is likely huge, as all these extensions totaled 32 million downloads.

“To date, there have been at least 32,962,951 downloads of these malicious extensions—and this only accounts for the extensions that were live in the Chrome Web Store as of May 2020. For context, very few extensions have been downloaded more than 10 million times,” the company says in an analysis.

Extensions already removed from the Chrome Web Store

While at this point it’s not clear who was behind this large campaign and how many users were impacted, the attackers used domains that were purchased from a company based in Israel.

“Of the 26,079 reachable domains registered through GalComm, 15,160 domains, or almost 60%, are malicious or suspicious: hosting a variety of traditional malware and browser-based surveillance tools. Through a variety of evasion techniques, these domains have avoided being labeled as malicious by most security solutions and have thus allowed this campaign to go unnoticed,” Awake says.

Google has already removed the reported extensions, and the security company has published a full list of the ID of the flagged add-ons here.

The search giant hasn’t released a statement on this campaign aimed at Chrome users, but the impact is likely huge. Chrome is currently the world’s number one browser, with a desktop market share that gets close to 70 percent. Chrome is also the default Android browser.