Notebookcheck Logo

“Massive criminal surveillance campaign” of malicious Google Chrome extensions stole data from over 32 million users: do you have these installed?

The Chrome extensions stole data from over 32 million people (Image source: Panda Security)
The Chrome extensions stole data from over 32 million people (Image source: Panda Security)
A report by Awake Security indicates that 70 Google Chrome extensions, downloaded by over 32 million people, have been stealing user data and browsing history on a massive scale. The large-scale operation was enabled by a malicious domain registrar, GalComm.

According to a report by Awake Security, 70 malicious Google Chrome extensions, collectively downloaded by over 32 million users, have been stealing user data and Chrome browsing history.

The Awake Security report, titled "Discovery of a Massive Criminal Surveillance Campaign," states that threat actors exploited the nature of internet domain registration to infect over 32 million users worldwide with spyware masquerading as Google Chrome extensions. These extensions had permissions to read the user clipboard, harvest credentials, log keystrokes, and take screenshots.

This means that sensitive information like credit card details were potentially compromised. All of the malicious activity was registered through a single Israeli domain registrar, GalComm. While the ICANN (Internet Corporation for Assigned Names and Numbers) governs domain registrars, the report indicates that oversight is limited, making it easy for malicious actors like GalComm to exploit networks of trust.

The complete list of malicious Google Chrome on the Chrome Web Store can be found here. It's a good idea to go through the list and verify whether you have any of these extensions installed.

Read all 12 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2020 06 > “Massive criminal surveillance campaign” of malicious Google Chrome extensions stole data from over 32 million users: do you have these installed?
Arjun Krishna Lal, 2020-06-19 (Update: 2020-06-19)