Hundreds of Malicious Chrome Browser Extensions Used for Stealing Sensitive User Data – 32 Million Users Affected

Security researchers at Awake Security recently discovered 111 malicious browser extensions that are used to steal users’ sensitive information.

These malicious extensions could collect all credential tokens saved in cookies, take screenshots, read the contents of the clipboard, and capture user keystrokes.

Google Chrome is the most used web browser globally, so an attack on it at this scale is bad news. This is a massive spyware operation that quietly reached users through 32 million downloads of malicious extensions.

Most of the free extensions purported to warn users about suspicious websites or to convert files from one format to another. Instead, they siphoned off browsing history and data that provided credentials for access to various private business tools.

Moreover, reports claim that, based on the number of downloads, this spyware attack is the most far-reaching malicious Chrome store operation to date, as noted earlier.

Malicious Extensions

The extensions used in the operation were designed to evade detection by antivirus software and by other security software that evaluates the reputation of domains on the web. The developer provided fake contact information, so it is not clear who created these extensions.

Once a user downloads one of the malicious extensions, the browser automatically connects to several websites so that the extension can transmit sensitive information. If the user is working on a corporate network, however, it does not transmit any data.

The domains used in this operation were all purchased from a small Israeli domain registrar known as GalComm (CommuniGal Communication Ltd.). Nearly 15,000 domains were used in this campaign.

This type of attack is very dangerous for Chrome, which generally holds up well against complex exploits. Spyware extensions of this kind can undermine that security completely. Google therefore recommends that, when installing an extension, users check the permissions they are granting to it.

The domains were found to be associated with several browser-based monitoring tools and malware. The attackers behind this surveillance campaign used various tricks and techniques to keep the domains from being identified as malicious.
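One way to apply that permission check to every extension already installed in a profile, as an added example (not code from Awake Security, Google or this article): it flags the manifest permissions that enable the behaviours described above. The permission-to-capability mapping, the function names and the sample manifest are assumptions of this example.

```python
import json
from pathlib import Path

# Chrome permission -> capability named in the article (mapping assumed by this example)
RISKY = {
    "cookies": "read cookies, including session tokens",
    "clipboardRead": "read clipboard contents",
    "tabCapture": "capture tab contents (screenshots)",
    "desktopCapture": "capture screen contents (screenshots)",
    "history": "read browsing history",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return sorted findings for one parsed manifest.json (MV2 or MV3)."""
    findings = set()
    declared = []
    # MV2 mixes API and host permissions; MV3 moves hosts to host_permissions.
    for key in ("permissions", "optional_permissions", "host_permissions"):
        declared += [p for p in manifest.get(key, []) if isinstance(p, str)]
    for perm in declared:
        if perm in RISKY:
            findings.add(f"{perm}: {RISKY[perm]}")
        elif perm in BROAD_HOSTS:
            findings.add(f"{perm}: access to every site")
    # A content script on every page can observe form input and key events.
    for script in manifest.get("content_scripts", []):
        if BROAD_HOSTS & set(script.get("matches", [])):
            findings.add("content_scripts: injected into every page")
    return sorted(findings)

def audit_profile(extensions_dir):
    """Audit <extensions_dir>/<extension id>/<version>/manifest.json files."""
    report = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        findings = audit_manifest(manifest)
        if findings:
            report[path.parts[-3]] = findings  # keyed by extension ID directory
    return report

# Constructed sample manifest, not a real extension from the campaign.
SAMPLE = {"manifest_version": 2, "name": "Example File Converter",
          "permissions": ["cookies", "clipboardRead", "storage", "<all_urls>"],
          "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}]}
if __name__ == "__main__": print("\n".join(audit_manifest(SAMPLE)))
```

Pass the profile's `Extensions` directory to `audit_profile`. A finding marks an extension for review against its stated purpose; it is not proof of malice.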

After being informed by the security researchers last month, Google removed nearly 70 malicious extensions from its official Chrome Web Store.


BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.