Massive Chrome Malware Spying on Millions of Users

Massive Chrome Malware Spying
Share It On:

19th June 2020, Kathmandu

Google has recently deleted more than 70 of malicious extensions from the Chrome Web Store.

Security researchers at Awake Security unraveled this massive Google Chrome malware campaign. It involved the download of more than 70 malicious extensions over 32 million times. The motive of this malware campaign was to harvest data as per a Reuters report.

Aware Security also highlighted the failure of Google to protect its browsers as they are widely used for email, payroll, and other sensitive operations.

According to a Google spokesperson, Google takes action immediately when they receive an alert of policy violations in the Web Store. They use such incidents as training material to improve their automated and manual analyses.

Based on the number of downloads, it was the biggest malicious spying attack on Chrome according to the firm.

Also Read: Google Patches Actively Exploited Chrome Vulnerability

Malware in Disguise

The massive malware campaign operated by disguising malicious extensions as file converters. And ironically, as extensions that flagged bad or toxic websites.

After the users download and install such malicious Chome extensions, these extensions start gathering user information. In the background, they funnel the browsing history and user credentials from the compromised browsers.

Gary Golomb, Co-founder and Chief Scientist at Awake Security, said that attackers designed these extensions to avoid antivirus detection.

The researchers found that the compromised browsers would connect to a series of websites and transmit information when surfed on a home computer.

Meanwhile, browsers in a corporate network would not transmit sensitive information if security services are intact.

“This shows how attackers can use extremely simple methods to hide, in this case, thousands of malicious domains,” Golomb said.

Who is Behind this Massive Malware Campaign?

It is unclear who was behind this spy attack on chrome users which means the attackers are still at large. Awake researchers said that the contact information on the malicious extensions was fake.

Furthermore, it was found that various extensions transmitted data to over 15K domains. In fact, it showed that Communigal Communication Ltd, an Israel-based domain registrar sold those domains.

However, the company denied having any part in this malware campaign.

Final Say

Google holds the biggest browser market share and that’s why this incident is so much more concerning. What also makes it concerning is the fact that such incidents come into light from a third-party security firm rather than Google itself.

This is not the first time Google had to remove Chrome extensions owing to their unsafe behaviors. It’s surprising how Google has turned a blind eye to this recent incident even after been notified long ago.

What are your views on this incident?

How do we really know that extensions in our browser don’t spy on us?

You might also want to check out:

How To Remove “2020 Annual Visitor Survey” Pop-up Ads

5 Ways to Detect Scam Emails Amid the Pandemic


Share It On:

Recent Posts

Thai Air Asia’s Dual Airport Operations: A Win For Nepal’s Tourism and Economy

Thai Air Asia’s Dual Airport Operations: A Win For Nepal’s

Share It On:5th November 2024, Kathmandu Thai Air Asia has officially resumed its flights at Tribhuvan International Airport (TIA), Kathmandu,

Student Entrepreneurs Gathering Nepal: Empowering Young Minds to Launch Innovative Startups

Student Entrepreneurs Gathering Nepal: Empowering Young Minds to Launch Innovative

Share It On:5th November 2024, Kathmandu The upcoming Student Entrepreneurs Gathering Nepal will be a groundbreaking event dedicated to empowering

Hong Kong’s Green Solution: Evolve™ for Sustainable Pest Management

Hong Kong’s Green Solution: Evolve™ for Sustainable Pest Management

Share It On:4th November 2024, Kathmandu As Hong Kong grapples with an escalating rodent population, a groundbreaking, eco-friendly solution has

Why Enterprise Search is Challenging: Navigating the Road to Workplace Search Success

Why Enterprise Search is Challenging: Navigating the Road to Workplace

Share It On:4th November 2024, Kathmandu As businesses move towards knowledge automation, enterprise search is emerging as a vital tool

XTransfer Captivates Audiences at Hong Kong FinTech Week 2024: Leading the Future of Cross-Border Trade Payments for SMEs

XTransfer Captivates Audiences at Hong Kong FinTech Week 2024: Leading

Share It On:4th November 2024, Kathmandu XTransfer, the world’s leading, and China’s top B2B cross-border trade payment platform, made a

West Indies Cricketer Chadwick Walton Signs For Karnali Yaks

West Indies Cricketer Chadwick Walton Signs For Karnali Yaks

Share It On:4th November 2024, Kathmandu Karnali Yaks has made headlines by signing popular West Indies cricketer Chadwick Walton for