19th June 2020, Kathmandu
Google has recently deleted more than 70 malicious extensions from the Chrome Web Store.
Security researchers at Awake Security uncovered this massive Google Chrome malware campaign, in which more than 70 malicious extensions were downloaded over 32 million times. According to a Reuters report, the motive of the campaign was to harvest user data.
Awake Security also highlighted Google's failure to protect its browser, which is widely used for email, payroll, and other sensitive operations.
According to a Google spokesperson, Google takes action immediately when they receive an alert of policy violations in the Web Store. They use such incidents as training material to improve their automated and manual analyses.
Based on the number of downloads, it was the biggest malicious spying attack on Chrome according to the firm.
Malware in Disguise
The massive malware campaign operated by disguising malicious extensions as file converters and, ironically, as extensions that flagged bad or toxic websites.
Once users download and install such malicious Chrome extensions, the extensions start gathering user information. In the background, they funnel browsing history and user credentials out of the compromised browsers.
Gary Golomb, Co-founder and Chief Scientist at Awake Security, said that attackers designed these extensions to avoid antivirus detection.
The researchers found that the compromised browsers would connect to a series of websites and transmit information when surfed on a home computer.
Meanwhile, browsers in a corporate network would not transmit sensitive information if security services are intact.
“This shows how attackers can use extremely simple methods to hide, in this case, thousands of malicious domains,” Golomb said.
Who is Behind this Massive Malware Campaign?
It is unclear who was behind this spy attack on Chrome users, which means the attackers are still at large. Awake researchers said that the contact information listed on the malicious extensions was fake.
Furthermore, the various extensions were found to transmit data to over 15K domains. Those domains had been sold by Communigal Communication Ltd, an Israel-based domain registrar.
However, the company denied having any part in this malware campaign.
Google holds the biggest browser market share and that’s why this incident is so much more concerning. What also makes it concerning is the fact that such incidents come into light from a third-party security firm rather than Google itself.
This is not the first time Google has had to remove Chrome extensions owing to their unsafe behavior. It is surprising that Google turned a blind eye to this recent incident even after being notified long ago.
What are your views on this incident?
How do we really know that extensions in our browser don’t spy on us?