“Massive criminal surveillance campaign” of malicious Google Chrome extensions stole data from over 32 million users: do you have these installed?
A report by Awake Security indicates that 70 Google Chrome extensions, downloaded by over 32 million people, have been stealing user data and browsing history on a massive scale. The large-scale operation was enabled by a malicious domain registrar, GalComm.
According to a report by Awake Security, 70 malicious Google Chrome extensions, collectively downloaded by over 32 million users, have been stealing user data and Chrome browsing history.
The Awake Security report, titled "Discovery of a Massive Criminal Surveillance Campaign," states that threat actors exploited the nature of internet domain registration to infect over 32 million users worldwide with spyware masquerading as Google Chrome extensions. These extensions had permissions to read the user clipboard, harvest credentials, log keystrokes, and take screenshots.
This means that sensitive information like credit card details were potentially compromised. All of the malicious activity was registered through a single Israeli domain registrar, GalComm. While the ICANN (Internet Corporation for Assigned Names and Numbers) governs domain registrars, the report indicates that oversight is limited, making it easy for malicious actors like GalComm to exploit networks of trust.
The complete list of malicious Google Chrome on the Chrome Web Store can be found here. It's a good idea to go through the list and verify whether you have any of these extensions installed.
Arjun Krishna - Tech Writer - 623 articles published on Notebookcheck since 2019
I've had a passion for PC gaming since 1996, when I watched my dad score frags in Quake as a 1 year-old. I've gone on to become a Penguin-published author and tech journalist. Apart from working as an editor at Notebookcheck, I write for outlets including TechSpot and Gamingbolt. I’m the Director of Content at Flying V Group, one of the top 5 digital marketing agencies in Orange County. When I'm not traveling the world, gathering stories for my next book, you can find me tinkering with my PC.