Google's Chrome shows new security weakness, fraudulent extensions stealing user data
Alphabet Inc's Google removed more than 70 of the fraudulent extensions from its official Chrome Web Store after the researchers alerted it last month.
When Google is alerted to extensions in the Web Store that break its policies, it takes action and uses such events as training material to develop its automated and manual analyses.
Some of the free extensions allegedly redirected users to inappropriate websites or transferred files from one format to another. They then siphoned off browsing history and data that offered access credentials to internal business resources.
According to Awake co-founder and chief scientist Gary Golomb, based on the number of downloads, this has been the most far-reaching malicious Chrome store campaign to date.
## Word from Google:
Google declined to discuss how the latest spyware compared to previous campaigns, the extent of the damage, or why it did not detect and remove the bad extensions on its own despite past promises of closer oversight of offerings. It's unclear who was behind the malware distribution effort. Awake said the developers provided fake contact information when the extensions were submitted to Google.
The extensions were designed to avoid detection by antivirus companies or security software that evaluates the reputations of web domains, Golomb said.
If someone used the browser to surf the web on a home computer, the researchers found it would connect to a series of websites and convey information. For someone on a business network that includes security services, it would not transfer confidential information or even access the malicious versions of the websites.
All of the domains in question, more than 15,000 connected to each other in total, were purchased from a small registrar in Israel, Galcomm, formally known as CommuniGal Communication Ltd.
Awake said Galcomm should have been aware of what was going on.
Galcomm owner Moshe Fogel told Reuters in an email exchange that his company had done nothing wrong.
Fogel said there was no record of the inquiries Golomb said he made to the company's email address in April and again in May to report abusive behavior, and asked for a list of suspect domains. Reuters sent him the list three times without receiving a substantive response.
The Internet Corp for Assigned Names and Numbers, which oversees registrars, stated that it had received few complaints about Galcomm, and none about malware.
While tricky extensions have been a problem for years, they are getting worse. Originally, they encouraged unwanted advertising; now they are more likely to install additional malicious programs or track where users are and what they do for government or business spies.
Research done by Google in 2018 found that one in every 10 submissions was malicious.
A similar campaign took place earlier this year, in which data of an estimated 1.7 million users was stolen. Google later joined the investigation and found roughly 500 fraudulent extensions.