Spyware may have reached Google Chrome users through 32 million extension downloads. According to a report by Reuters, Google said it removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by researchers last month.
Most extensions are free, so many unsuspecting users may not know that details such as their browsing history are being siphoned by some of the malicious extensions to unknown destinations. Just think about the number of people who use Google Chrome, which is by far the world’s most used and installed browser. There are now about 5 billion Chrome installs on mobile devices, and a huge number of users share their personal information with Chrome, from passwords to personal data like banking details and browsing history, which many users seldom clear.
Google says it is aware of the situation and has removed over 70 extensions from the Chrome Web Store. A Google spokesperson told Reuters, “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.”
The security researchers say it is difficult to identify the players behind the spyware, as the developers may have submitted the extensions using fake contact information. The other interesting thing about these malicious extensions is that they were designed to avoid detection by your average antivirus software. As Reuters explains, “If someone used the browser to surf the web on a home computer, it would connect to a series of websites and transmit information, the researchers found. Anyone using a corporate network, which would include security services, would not transmit the sensitive information or even reach the malicious versions of the websites.”
While the identities of these developers remain unknown, they used about 15,000 domains that were linked with each other. These domains, according to Awake Security researchers, were bought from an Israeli registrar, Galcomm, known formally as CommuniGal Communication Ltd. That said, Galcomm has been absolved of any involvement, but as the report notes, it should at least have known what was going on. Galcomm owner Moshe Fogel told Reuters that his company had no knowledge of this in any way. “Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” he said. “You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can.”
Google Chrome extension security has been an issue for a long time, and while Google has taken steps to stem the tide in past years, the problem persists. Sometimes it comes down to the user taking personal responsibility.