Google Chrome Extensions With 32M Downloads Have Malicious Add-Ons that Steal Data, Report

News and Analysis

As of May 2020, Google’s Chrome Web Store has reportedly been hit with the most massive surveillance campaign so far, which managed to steal data from users around the world through over 32 million downloads of malicious extensions.

The attacks were discovered by cybersecurity firm Awake Security that claimed a single Internet Domain Registrar: CommuniGal Communication Ltd, or GalComm, facilitated the criminal activities. The firm explained in a dedicated report:

“GalComm has enabled malicious activity that has been found across more than a hundred networks we’ve examined. Furthermore – the malicious activity has been able to stay hidden by bypassing multiple layers of security controls, even in sophisticated organizations with significant investments in cybersecurity.”

32,962,951 Downloads of Malicious Extensions

There are 26,079 reachable domains registered through GalComm, with over 15,000 domains being malicious or suspicious, according to the report.

Over the past three months, the researchers found 111 malicious or fake Chrome extensions using GalComm domains for threat actor command and control infrastructure. Once downloaded, those extensions can collect credential tokens stored in cookies or parameters, passwords, take screenshots, and read the clipboard.

As of May 2020, Awake Security detected 32,962,951 downloads of malicious extensions in question. Moreover, the firm said that the extensions’ developers supplied false contact information when they submitted the add-ons to Google.

Also, the extensions were designed so they could skirt detection by antivirus companies or security software. Google ostensibly removed 70 of the malicious extensions from the Chrome Web Store.

In correspondence with Reuters, GalComm owner, Moshe Fogel, argued that “GalСomm is not involved, and not in complicity with any malicious activity whatsoever. You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can.”

Cyber Attacks Grow in Number

The number of cyber-attacks has indeed skyrocketed during the time of social unrest. In late May, researchers from cybersecurity firm ESET detected a modified version of ComRAT malware, which now targets Gmail users to steal confidential documents. In addition to misappropriation of documents, the trojan collects information about the network, Microsoft Windows configurations, and the Archive Directory groups or users.

Threat actors also began exploiting the Black Lives Matter campaign to distribute malware via email, which lures users to open an attached Microsoft Word file to “leave a review confidentially about Black Lives Matter.” Once a user opens the attached file, it initiates the installation of the so-called TrickBot trojan.

The global admiration for Zoom has brought about bad actors taking advantage of it and developing new ways to infect users’ computer systems. Once downloaded and installed, one of the malicious files that mimic the Zoom installer sets up a backdoor that enables criminals to initiate malicious processes remotely.

Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.

Found a typo? Highlight text and press CTRL+ENTER

Subscribe to our Newsletter


Related posts

Tags: , , ,