The malicious Chrome extensions were downloaded more than 32 million times. A report by the cybersecurity firm Awake Security has found 111 malicious or fake Chrome extensions. These extensions are used to spy on Chrome users. They are capable of taking screenshots, stealing long credentials and capturing passwords as users typed them.
The spyware campaign has impacted a wide range of sectors including financial services, healthcare, and government organisations. Google Chrome extensions store allow users to add new features and capabilities to their browsers.
Google has immediately removed the extensions after the researchers reported them last month. Google’s spokesperson Scott Westover told Reuters, “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analysis.”
The number of downloads suggest that this spyware attack is the most far-reaching malicious Chrome store campaign to date. Google has not disclosed how the latest spyware compared to previous campaigns.
If someone used Chrome to surf the web or a home computer, it would connect to a series of websites and transmit information. It is not clear who is behind these attacks. Developers supplied fake contact information when they submitted an extension to Google.
The extensions go undetected by antivirus and security software companies. Awake has released its research including the list of domains and extensions. Out of all the domains, 15,000 are linked to each other were purchased from a small registration in Israel.
Malicious developers have been targeting Google’s Chrome store for a long time. Google has decided to improve security by increasing human reviews of the apps submitted to the Chrome Store.