Google removed more than seventy extensions from its Chrome Web Store last month after being alerted that they were part of a spyware campaign stealing browsing history and data from users.


According to NBC News, Google removed more than seventy extensions from its Chrome Web Store last month. Based on the number of downloads, this campaign was the most far-reaching malicious Chrome store campaign to date, according to Awake Security co-founder and chief scientist Gary Golomb. Google removed these extensions immediately once it was alerted that they were part of a spyware campaign that stole browsing history and data that provided credentials for access to internal business tools. “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” Google spokesman Scott Westover told Reuters. Most of these extensions gave the impression that they intended to warn users of questionable websites or convert files from one format to another.

It is currently unclear who was behind the effort to distribute the malware, but it is known that all of the domains in question, more than 15,000 linked to each other in total, were purchased from a small registrar in Israel, Galcomm, known formally as CommuniGal Communication Ltd (NBC). The developers supplied fake contact information when they submitted the extensions to Google, according to Awake Security. The extensions were designed to avoid detection by antivirus companies or security software that evaluates the reputations of web domains, Golomb said. The extensions were not made to steal information from everyone: if someone were to use a corporate network, which would include security services, the extensions would be unable to reach the malware they want. They were made specifically to reach users surfing the web at home, in order to steal information from those who do not have an adequate security system.

This shows the need for online home security services because without them “attackers can use extremely simple methods to hide, in this case, thousands of malicious domains,” Golomb said (Reuters). Google claims it will continue to do “regular sweeps to find extensions using similar techniques, code, and behaviors” (NBC).
