Malicious spyware campaign targeted at Google Chrome extensions

Nearly 33 million Google Chrome users have fallen victim to a hacking campaign via browser extensions

Updated: June 19, 2020 - 3:26pm

The Google Chrome web browser was discovered to be hosting multiple extensions carrying spyware, Reuters reported.

Nearly 33 million people across the globe have downloaded malicious extensions in their favorite browser, possibly putting various usernames and passwords into the hands of hackers.

The Awake Security Threat Research Team discovered the hacking campaign. Over 15 thousand domains and 111 browser extensions were marked as suspicious or malicious, according to Awake’s report.

Many of the fake extensions duped people and claimed to provide protection against malignant websites and entities trying to steal people’s data. Other extensions were common file converters.

The extensions prey on various vulnerabilities in a user’s computer. According to the report, they can “take screenshots, read the clipboard, harvest credential tokens stored in cookies or parameters, grab user keystrokes (like passwords),” among other ways to steal one’s data.
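For defenders, the capabilities quoted above correspond to access an extension has to declare in its manifest. The following is an added example, not code from the article or from Awake's report: it audits installed extension manifests for that access. The permission-to-capability mapping and the sample manifests are assumptions constructed for illustration, and a hit is a reason to review the extension, not proof that it is malicious.

```python
import json
from pathlib import Path

# Assumed mapping (not from the report): manifest entries that enable each quoted capability.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
CAPABILITY_PERMS = {
    "read the clipboard": {"clipboardRead"},
    "harvest cookies/tokens": {"cookies", "webRequest"},
    # chrome.tabs.captureVisibleTab is usable with <all_urls> access
    "take screenshots": {"tabCapture", "desktopCapture", "<all_urls>"},
}

def audit_manifest(manifest):
    """Return the sorted capabilities that a manifest's declared access would allow."""
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    findings = {cap for cap, needed in CAPABILITY_PERMS.items() if perms & needed}
    # A content script injected into every page can observe what is typed there.
    for script in manifest.get("content_scripts", []):
        if BROAD_HOSTS & set(script.get("matches", [])):
            findings.add("grab keystrokes")
    return sorted(findings)

def audit_extensions_dir(ext_dir):
    """Audit every <id>/<version>/manifest.json under a profile's Extensions folder."""
    report = {}
    for path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        findings = audit_manifest(manifest)
        if findings:
            report[path.parent.parent.name] = findings
    return report

# Constructed sample manifests (hypothetical extensions, not taken from the campaign).
SAMPLE_CONVERTER = {
    "name": "Example File Converter",
    "permissions": ["clipboardRead", "cookies", "<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
}
SAMPLE_BENIGN = {
    "name": "Example Notes",
    "permissions": ["storage"],
    "content_scripts": [{"matches": ["https://example.com/*"], "js": ["notes.js"]}],
}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_CONVERTER))
    print(audit_manifest(SAMPLE_BENIGN))
```
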

The hackers used various techniques to trick internet users into downloading the extensions, including creating professional-looking websites to make them seem legitimate, according to the report. In addition, although the extensions were relatively new, they created fake users and positive reviews to build trust among unsuspecting consumers.

This is not the first time hackers have used Google Chrome as an avenue to people’s private information. Here are a few times hackers have targeted Google Chrome users in the past.

Earlier this year, researcher Jamila Kaya and Cisco’s Duo Security helped uncover a system of Chrome extensions siphoning data from 1.7 million users. Google partnered with them to investigate, finding 500 possibly malignant extensions.

Hackers have also used fake Google Chrome updates to access people’s data. They created a fake JavaScript file that redirects users to compromised WordPress sites. These less-secure sites allowed hackers to steal users’ data.

The majority of the malicious domains were purchased from CommuniGal Communications Ltd., also known as Galcomm, a small registrar in Israel, which helps small businesses with online exposure. In this case, the company helped distribute malware to millions of people.

Overall, this hacking campaign has bypassed many of the precautionary measures Google has taken to protect the world's most-used browser. This is the largest breach of user privacy and data Google Chrome has faced.