Google Chrome’s 2 billion users have been hit by a new threat—a massive spyware operation that secretly attacked via 32 million downloads of malicious extensions.
Google Chrome’s 2 billion users have been hit by a new threat—a massive spyware operation that … [+]
Google Chrome’s users account for two-thirds of the browser market, which makes them a huge target for cyber-attacks. Now, Google Chrome’s 2 billion users have been hit by a new threat—a massive spyware operation that secretly attacked via 32 million downloads of malicious extensions.
First reported by Reuters, the spyware operation was revealed by researchers at Awake Security. Google said it had already removed 70 of the malicious extensions from its Chrome store.
But the campaign itself is pretty scary. Spyware is a stealthy type of malware that monitors your activity and steals your sensitive information such as passwords after infiltrating your device. Awake Security said this campaign was the worst it has seen, based on the number of downloads of the malicious Chrome extensions.
How the Chrome spyware worked
The spyware worked by monitoring a victim’s use of the Chrome browser while at home and transmitting information after connecting to a series of sites. Although the Chrome extensions were designed to evade detection by anti-virus software, corporate networks using security tools would not transmit this information or connect to the websites.
Attackers were hiding behind thousands of malicious domains and more than 15,000 of these were bought from an Israeli registrar called Galcomm. Galcomm said it wasn’t aware about this activity and its owner told Reuters: “Galcomm is not involved, and not in complicity with any malicious activity whatsoever.
“You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can.”
Google has been the victim of several other campaigns targeting the Chrome browser. In February, Duo Security researchers discovered 500 extensions downloaded millions of times were uploading private browsing information to servers controlled by attackers, while redirecting victims to malware-laced websites.
I have contacted Google and Galcomm for additional comment and will update this story when the firm responds.
Avoid being hit by malicious extensions
So what can you do to avoid being hit by malicious extensions such as these? John Opdenakker, a security industry professional, recommends you only install extensions when you really need them. “It’s important to always check the permissions a browser extension requires. Don’t install extensions that ask for excessive permissions for the task they perform—it’s better to look for an alternative, less risky extension,” he warns.
In addition, Opdenakker advises that you regularly review the extensions you have installed (chrome://extensions) and remove the ones you no longer use.
As the biggest browser by far, Google will always be a target for this type of campaign. Even so, Chrome’s reputation for security and privacy isn’t at its best. The firm knows this and recently introduced a bunch of new Chrome features as part of an overhaul.
But you are looking for an alternative to Chrome, you could always try Microsoft’s Edge. Edge is based on the same Chromium based browser engine so has a similar feel and it has been adding new features that suit those working from home.