
Massive Spyware Campaign Used Chrome Extensions With 32 Million Downloads
Over 70 Google Chrome extensions were found to be surveilling users’ web browsing activity. The web browser add-ons were collecting user behavior and credentials for business apps. The massive spyware campaign secretly attacked Google Chrome users via 70 web browser add-ons. The malicious extensions racked up over 32 million downloads according to a report by Awake Security.
These Chrome web browser extensions integrated with email, accounting, and other sensitive data. Google said it has removed over 70 malicious add-ons from the Chrome Web Store after being alerted by the researchers at Awake Security in May.
These extensions can take screenshots, read the clipboard, harvest credential tokens stored in cookies or parameters, grab user keystrokes (like passwords), etc.
~ Awake Security
“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” Google spokesperson Scott Westover said in a statement to Reuters.
What is a Web Browser Extension?
Chrome is by far the most popular web browser in use across the globe. Like most web browsers, Chrome lets users install apps, called extensions, that add features and functionality. Extensions can remember passwords, change color schemes, add calculators, detect malware, warn users of spoof websites, etc. Most of these extensions are useful and harmless. However, users should always read the terms of service and never grant an extension or any software more permission than it needs to complete its job.
Most of the malicious Chrome web browser extensions claimed to provide notifications about suspicious websites. Others were file format conversion services – for example, converting an image from .jpg to .gif. However, what the browser extensions were really doing was spying on Chrome browser activity and collecting login credentials for access to the victim’s business software.
The hackers behind the malicious add-ons have not been identified. In their report, Awake Security noted the developers used false contact information.
With a collective 32 million downloads, this cyber attack was widespread. A list of IDs for these malicious Chrome extensions can be found here.
The malicious extensions were developed to avoid detection by antivirus and security software that only checked for spoof websites. This is where more robust internet protection can help safeguard and clean up your computer.
How Do the Spyware Add-Ons Steal Information?
When a user opened Chrome that had one of these harmful extensions downloaded, Chrome would start sending data back to the hackers through a series of websites. The hackers set up a family of 15,000 domain names working together to help disguise their scam. All of the domain names were bought from Israeli registrar Galcomm. Awake Security stated that Galcomm should have realized what was happening.
Rogue browser extensions pose a significant security risk. Even corporate networks with enterprise security protection need to defend against connections to these websites and against sensitive data being sent to them.
How to Uninstall Extensions in Chrome
This large-scale spyware campaign collected web browser activity through Chrome web browser extensions.
To permanently remove extensions from Chrome, you will have to open Chrome on your laptop. If you are worried that an extension is spying on your data or sending malicious information, disconnect the laptop from the internet first.
How do I permanently remove extensions from Chrome?
- On your Windows computer, open Chrome
- In the upper right corner of the Chrome window, click the three dots to expand the menu (Figure 1)
- Drop down the menu and choose More Tools
- Select Extensions
- The Chrome screen will show all the extensions you have installed
- Click Remove next to the Chrome extension you want to permanently remove
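To decide which extensions to remove, the installed ones can be compared against the published list of malicious IDs mentioned earlier; the script below is an added example, not code from this article or from Awake Security. It reads each extension's manifest from a Chrome Extensions folder, lists the permissions it requests, and flags any ID that appears on a blocklist. The extension IDs, names and folder contents used in `demo()` are constructed sample values.

```python
import json
import re
import tempfile
from pathlib import Path

ID_RE = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs: 32 letters, a-p

def load_blocklist(text):
    """One ID per line; '#' comments, blanks and malformed entries are ignored."""
    lines = (ln.split("#", 1)[0].strip().lower() for ln in text.splitlines())
    return {ln for ln in lines if ID_RE.match(ln)}

def audit_extensions(ext_dir, blocklist):
    """Report every <ext_dir>/<id>/<version>/manifest.json with its permissions."""
    findings = []
    for manifest in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        if not ID_RE.match(ext_id):
            continue
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = {}  # unreadable manifest: still report the ID
        data = data if isinstance(data, dict) else {}
        perms = [p for key in ("permissions", "host_permissions")
                 for p in (data.get(key) if isinstance(data.get(key), list) else [])
                 if isinstance(p, str)]
        findings.append({"id": ext_id, "name": data.get("name", "?"),
                         "version": manifest.parent.name, "permissions": perms,
                         "blocklisted": ext_id in blocklist})
    return findings

def demo():
    """Run the audit over a constructed Extensions folder (all values made up)."""
    bad, ok = "abcdefghijklmnop" * 2, "ponmlkjihgfedcba" * 2
    blocklist = load_blocklist(f"# constructed sample list\n{bad}\nnot-an-id\n")
    with tempfile.TemporaryDirectory() as root:
        for ext_id, name, perms in [
            (bad, "Sample Converter", ["clipboardRead", "cookies", "<all_urls>"]),
            (ok, "Sample Theme", ["storage"]),
        ]:
            vdir = Path(root, ext_id, "1.0_0")
            vdir.mkdir(parents=True)
            (vdir / "manifest.json").write_text(json.dumps({"name": name, "permissions": perms}))
        return audit_extensions(root, blocklist)

if __name__ == "__main__":
    for f in demo():
        print("REMOVE" if f["blocklisted"] else "ok", f["id"], f["name"], f["permissions"])
```

On Windows, the default Chrome profile normally keeps its extensions under %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions; pass that folder and the text of the published ID list to `audit_extensions` and `load_blocklist` in place of the constructed sample.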
Browser extensions are installed as apps on Android devices.
Only download software, apps, and extensions from trusted sources. This is difficult because these apps were listed in the official Chrome Web Browser site.
Chrome users should use password protection and antivirus software to help protect their computers.