Google Removes 106 Chrome Extensions For Collecting Sensitive User Data
Google has removed 106 malicious Chrome extensions that were caught collecting sensitive user data.
The 106 extensions are part of a batch of 111 Chrome extensions that have been identified as malicious in a report published today by cyber-security firm Awake Security.
Awake says these extensions posed as tools to improve web searches or convert files between different formats, as security scanners, and more.
But in reality, Awake says the extensions contained code to bypass Google's Chrome Web Store security scans, take screenshots, read the clipboard, harvest authentication cookies, or grab user keystrokes (such as passwords).
Awake believes all the extensions were created by the same threat actor, although the company has yet to identify it.
The primary connection between all the extensions was that they sent user data back to domains registered through the GalComm domain registrar.
Furthermore, Awake says that many extensions also appeared to share the same graphics and codebase, with slight changes. In some cases, the extensions even had the same version number and the same descriptions, the company explained in its report.
Awake says that by May 2020, when it reached out to Google, the 111 malicious extensions had been downloaded 32,962,951 times.
Based on internal telemetry, Awake says that some of these extensions have been found on the networks of "financial services, oil and gas, media and entertainment, healthcare and pharmaceuticals, retail, high-tech, higher education and government organizations," effectively acting as backdoors into private networks and espionage tools, although there's no evidence to suggest they've been used as such.
The company has provided the list of the 111 malicious extension IDs.
Harry Denley, Director of Security at the MyCrypto platform, provided ZDNet with the status of each extension. At the time of writing, only five of the 111 extensions reported by Awake to Google are still live on the Chrome Web Store.
According to standard practice, Google has deactivated the Chrome extensions in each user's browser. The extensions are still installed, but disabled and marked as "malware" in the Chrome browser's extension section.
Users can visit the chrome://extensions page and see if they installed any of the malicious extensions and remove them from their browsers.