An earlier report by Reuters indicated that researchers at Awake Security highlighted the tech industry’s negligence in securing browsers, even as users rely on them for far more than streaming, banking, email, and other functions. The security company indicated that a newly discovered spyware effort targeted more than 32 million downloads of extensions in Google’s market for the Chrome web browser.
Last month, Google removed over 70 malicious add-ons from the Chrome Web Store after the security team alerted the Alphabet Inc. subsidiary. Awake co-founder and chief scientist Gary Golomb said that this is one of the most malicious Chrome store campaigns to date, based only on the number of downloaded Chrome extensions.
Google has had problems with spyware campaigns in the past and vowed to supervise the addition of new extensions to the store more closely. Despite those promises, Google declined to comment on the extent of the damage the attack caused or on why it did not detect it earlier. The perpetrator behind the attack is unknown at this moment. The security company said that the developers used fake credentials when they submitted the extensions.
All of the domains implicated in the breach, with more than 15,000 links in total, were purchased from a registrar in Israel, Galcomm, known formally as CommuniGal Communication Ltd. Reuters indicated that the firm denies any involvement in malicious activity. The Internet Corp for Assigned Names and Numbers said it had received complaints about Galcomm over the years, but none about malware.
“Anything that gets you into somebody’s browser or email or other sensitive areas would be a target for national espionage as well as organized crime,” Former National Security Agency Engineer – Ben Johnson
Evading antivirus programs and security software was in the DNA of the malicious extensions, and siphoning any personal information they could from the infected user was the name of the game. Google has been doing all that it can to avoid attacks, but campaigns like this one are becoming more complex. The extensions connect to a series of websites and transmit information. Fortunately, anyone using a corporate network would not send any sensitive information or even reach the malicious websites. The method used in the attack was simple, but Google and other companies need to step up and upgrade the way they vet any potential clients for digital storefronts.