A new spyware campaign has been discovered which used malicious Google Chrome extensions downloaded by 32m people to steal user data and credentials online.
As reported by Reuters, security researchers at Awake Security alerted Google to the presence of more than 70 malicious add-ons on the official Chrome Web Store that have now been removed.
The majority of the free extensions in question either warned users about questionable websites or were used to convert files from one format to another. However, the extensions actually siphoned off users’ browsing history and other data that provided scammers with their credentials.
According to Awake Security’s co-founder and chief scientist, Gary Golomb this was one of the most far-reaching campaigns in the Chrome Web Store to date based on the fact that the malicious extensions were downloaded 32m times.
The extensions used in the campaign were designed to avoid detection by antivirus software and other security software which evaluates the reputations of domains on the web. It is also unclear as to who designed the extensions as the developers supplied fake contact information to Google when they submitted them.
If a user downloaded one of the malicious extensions and then used Google Chrome on their home computer, they would connect to a series of websites and transmit information. However, users browsing on a corporate network would not transmit any sensitive information or even reach the attacker’s websites. The 15,000 domains used in the campaign were all purchased from a small Israeli domain registrar called Galcomm.
Security research from Tripwire’s vulnerability and exposure research team (VERT), Graig Young provided further insight on how extensions can undermine Chrome’s security, saying:
“The proliferation of browser extensions as conduits for all manner of online activity has been absolutely terrible for security. Chrome generally does well at resisting compromise from sophisticated exploits but extensions can undermine this security completely. When installing an extension, users must approve a permissions manifest defining what the extension can access but it’s likely that the majority of users are not reading or understanding the permission list.”
While extensions can certainly be useful, users should be wary about installing ones from unknown developers to avoid falling victim to potential scams online.
- We’ve also highlighted the best VPN services