32 million downloads: Chrome extensions cause massive spyware attack on users

Google has already removed from Chrome 70 malicious add-ons that were responsible for the illegitimate disclosure of sensitive user data.

A major security vulnerability has recently been discovered in Google Chrome. Researchers at the cyber security company Awake Security uncovered a malware attack on Chrome users that was carried out using browser extensions. The affected add-ons were downloaded a total of 32 million times and siphoned users' browser history and access credentials for business tools.

Huge spyware campaign: Google responds quickly

Joseph Menn reports on the spyware attack for Reuters. In the report, Gary Golomb, co-founder and chief scientist at Awake Security, describes it as the most extensive spyware attack involving Google Chrome, measured by the number of downloads of the affected extensions. The search engine company did not comment on this assessment.

Google was informed of the massive problem by the security company last month and promptly removed 70 add-ons. Google spokesman Scott Westover told Reuters:

When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.

Most of the affected extensions, according to Menn at Reuters, were essentially meant to convert file formats or to warn against unsafe websites. However, they are said to have collected data on users' browser history and access credentials for business tools. It is still unclear who is behind the spyware attack. According to Awake Security, the contact details given by the providers of the extensions concerned were fake.

Extensions undermined warnings about malicious websites

Awake Security identified a total of 15,000 malicious websites linked to each other, which were bought by a small Israeli provider, Galcomm. Golomb explains that users browsing on a private computer, without the security measures of a corporate network, could be redirected to the various malicious websites by the malicious Chrome add-ons, because the extensions had undermined the warning mechanisms of security software and antivirus programs.

This shows how attackers can use extremely simple methods to hide, in this case, thousands of malicious domains,

said Gary Golomb. Galcomm, which, according to Golomb, could have known what the purchase of so many small domains could be used for, denies any wrongdoing:

Galcomm is not involved, and not in complicity with any malicious activity whatsoever. You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can,

Moshe Fogel told Reuters. The extent of the spyware attack is not yet clear, but millions of pieces of sensitive user data could have fallen into the hands of third parties. Google is reacting quickly, but will have to face criticism for not being proactive enough against such bad actors. At least, Scott Westover emphasizes:

We do regular sweeps to find extensions using similar techniques, code and behaviors.

Chrome users who rely on various extensions should hope that these checks will further minimize the risk of spyware attacks in the future.
