A cybersecurity firm uncovered a spyware attack that used Google Chrome extensions to harvest user data. Not only is this concerning due to the level and scope of the attack, but also due to how many people use the Chrome browser, as well as the amount of data that is typically associated with a Google product and service.
While Chrome is a user-friendly browser, this is not the first time it has been vulnerable to network security threats and it is not exactly the safest browser overall. However, due to the ease of use, speed, and the wide variety of extensions available, Chrome has remained one of the most popular internet browsers. Extensions are small pieces of software designed to customize the browser experience, and are a major part of the Chrome experience in general. They can be used for anything from cookie management and ad blocking to adding extra features to the user interface, making it easier to carry out tasks, such as taking screenshots or checking grammar.
It was recently discovered that a huge spyware attack was taking place through Chrome extensions and could have impacted many users of the browser. As detailed by Awake, the cybersecurity firm found 111 harmful or fake Chrome extensions that were available to download. Although the researchers have worked with Google to get these extensions taken down, they are understood to have already been downloaded more than 32 million times. These extensions were live in the Chrome Web Store up until May 2020 and Awake has provided a list of those discovered.
A Closer Look At The Chrome Extension Threat
The malicious extensions were identified as being linked to domains registered through Galcomm, an Israeli internet services provider. The Awake security team found that out of more than 26,000 reachable domains registered via Galcomm, over 15,000 were deemed to be harmful or suspicious. Found to hosting various forms of traditional malware and surveillance tools that would have normally been identified by security software solutions, the researchers discovered they used evasion techniques to avoid detection. According to the report, these harmful extensions were capable of taking screenshots, reading the clipboard, harvesting credential tokens stored in cookies, and figuring out passwords by analyzing keystrokes. The report also pointed out how this has likely put hundreds of networks in major sectors at risk, including financial services, healthcare and even government organizations.
While the scope of the attack is worrying, the sector comment is equally as concerning, considering recent events have caused so many companies and entire industries to move their operations online, and rely even more on technology solutions than before. This is also at a time when many institutions in different countries are struggling to combat the effects of the COVID-19 pandemic and have already faced additional cyberattacks. An attack of this scale and magnitude further highlights the importance for both individuals and businesses to be extra cautious of the Google Chrome extensions they download and use.
Source: Awake