Chrome extensions with 33 million downloads slurped sensitive user data
Spying campaign tied to 15,000 malicious or suspicious domains uploaded data. …
reader comments
30 with 26 posters participating, including story author
Browser extensions downloaded almost 33 million times from Google’s Chrome Web Store covertly downloaded highly sensitive user information, a security firm said on Thursday in a report that underscores lax security measures that continue to put Internet users at risk.
The extensions, which Google removed only after being privately notified of them, actively siphoned data such as screenshots, contents in device clipboards, browser cookies used to log in to websites, and keystrokes such as passwords, researchers from security firm Awake told me. Many of the extensions were modular, meaning once installed, they updated themselves with executable files, which in many cases were specific to the operating system they ran on. Awake provided additional details in this report.
Company researchers found that all 111 of the extensions it identified as malicious connected to Internet domains registered through Israel-based GalComm. The researchers eventually found more than 15,000 registered through GalComm hosting malicious or suspicious behavior. The malicious domains used a variety of evasion techniques to avoid being labeled as malicious by security products.
Awake analyzed more than 100 networks across financial services, oil and gas, media and entertainment, health care and pharmaceuticals, retail, and three other industries. Awake found that the actors behind the activities had established a persistent foothold in almost all of those fields. The attackers’ use of Google and a domain register accredited by the Internet Corporation for Assigned Names and Numbers—and the ability to evade detection by security firms—underscores the frequent failure of tech companies in safeguarding
Continue reading – Article source
