Rights & Money

Google Chrome Users Hit by Malware Campaign

Free web browser extensions collected browsing history instead of tightening security

By Erika Morris

Last month, tech giant Google had to remove more than 70 malicious Google Chrome extensions from the Chrome Web Store after researchers sounded the alarm over spyware used for a massive global surveillance campaign.

A spyware effort infected people through 32 million downloads of those extensions since May, according to researchers at Awake Security, who say the tech industry is failing to protect the browsers people use for e-mails, payroll, online banking, and other sensitive functions. Given the number of downloads, the reserachers said, it was the largest malicious Chrome store operation yet. Most extensions don’t get more than 10 million downloads.

The extensions were disguised as those intended to covert files from one format to another or warn users about questionable websites, but in fact they collected browsing history and other data. It’s unclear how much damage the spyware has done or why Google wasn’t able to uncover and remove harmful extensions without help.

“If anything, the severity of this threat is magnified by the fact that it is blatant and non-targeted—i.e., an equal-opportunity spying effort,” Awake’s report said. “The research shows that this criminal activity is being abetted by a single Internet Domain Registrar: CommuniGal Communication Ltd. (GalComm).”

In the last three months, Awake has collected 111 malicious or fake Chrome extensions using GalComm domains. The extensions “can take screenshots, read the clipboard, harvest credential tokens stored in cookies or parameters, [and] grab user keystrokes [and therefore passwords],” the report said.

GalComm stresses it was not involved and is not personally responsible for the attacks. Deceptive extensions have long been a problem and the problem is getting worse. Earlier on, they would show unwanted advertisements but now they’re more likely to install more malware or track your data either for the government or commercial purposes.

Because the spyware developers used fraudulent contact information to create and upload the extensions, the culprits have yet to be apprehended. The extensions were designed to avoid detection from antiviruses and other web security software. Sectors affected by the campaign included financial services, healthcare, and government organizations.

Photo: Unsplash/Pawel Czerwinski.