Criminal ring of Chrome spyware extensions exposed, millions of users affected
A third-party security team discovered a ring of Chrome spyware extensions all working together.
The extensions were apparently downloaded over 32 million times, affecting millions of Chrome browsers.
This news once again illuminates how weak Google’s oversight of Chrome extensions really is.
In yet another instance of Google dropping the ball when it comes to Chrome spyware, a security research team called Awake Security found a ring of extensions all working together that compromised the security and privacy of millions of users.
After Awake Security informed Google of the problematic Chrome spyware, Google removed over 70 extensions from the platform (via Reuters). However, those extensions and others that were part of the focused and organized attacks have already been downloaded over 32 million times.
Awake Security estimates this is the most far-reaching Chrome spyware effort to date. However, Google declined to verify that claim. It also declined to explain why it did not catch the activity itself.
This Chrome spyware campaign was massive
These Chrome spyware extensions were usually disguised as tools that would, ironically, protect users from malicious sites. Some were also legitimate tools that would convert files from one format to another. However, while running, all the extensions could secretly siphon data from the user’s internet activity.
Using this data, the attackers could then obtain credentials for accessing both personal and corporate information. With so much business software usage happening in browsers nowadays, personal email accounts are no longer a big prize for attackers. Instead, Chrome spyware can obtain things like payroll records, corporate credit card accounts, and other highly sensitive information.
To avoid detection, the extensions would only transmit data from one server to another when the user was not using security software. In other words, the Chrome spyware was smart enough to know if security software was in place and then halt its illegal activity in response.
How did Google not see this?
According to Awake Security, the information collected by these Chrome spyware applications bounced around a criminal network of over 15,000 domains. Almost all of those domains were purchased from just one registrar called Galcomm, based in Israel.
When contacted by Reuters, Galcomm denied any involvement with the criminal ring of apps. However, Awake Security contacted Galcomm multiple times during its investigation, with Galcomm never responding. Reuters also tried to give Galcomm a list of the domains used to transmit the stolen data a whopping three times,...