Notebookcheck

“Massive criminal surveillance campaign” of malicious Google Chrome extensions stole data from over 32 million users: do you have these installed?

The Chrome extensions stole data from over 32 million people (Image source: Panda Security)
The Chrome extensions stole data from over 32 million people (Image source: Panda Security)
A report by Awake Security indicates that 70 Google Chrome extensions, downloaded by over 32 million people, have been stealing user data and browsing history on a massive scale. The large-scale operation was enabled by a malicious domain registrar, GalComm.

According to a report by Awake Security, 70 malicious Google Chrome extensions, collectively downloaded by over 32 million users, have been stealing user data and Chrome browsing history.

The Awake Security report, titled "Discovery of a Massive Criminal Surveillance Campaign," states that threat actors exploited the nature of internet domain registration to infect over 32 million users worldwide with spyware masquerading as Google Chrome extensions. These extensions had permissions to read the user clipboard, harvest credentials, log keystrokes, and take screenshots.

This means that sensitive information like credit card details were potentially compromised. All of the malicious activity was registered through a single Israeli domain registrar, GalComm. While the ICANN (Internet Corporation for Assigned Names and Numbers) governs domain registrars, the report indicates that oversight is limited, making it easy for malicious actors like GalComm to exploit networks of trust.

The complete list of malicious Google Chrome on the Chrome Web Store can be found here. It's a good idea to go through the list and verify whether you have any of these extensions installed.

Read all 12 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2020 06 > “Massive criminal surveillance campaign” of malicious Google Chrome extensions stole data from over 32 million users: do you have these installed?
Arjun Krishna Lal, 2020-06-19 (Update: 2020-06-19)
Arjun Krishna Lal
Arjun Krishna Lal - News Editor
I've had a passion for PC gaming since 1996, when I watched my dad score frags in Quake as a 1 year-old. I've gone on to become a Penguin-published author and tech journalist. When I'm not traveling the world, gathering stories for my next book, you can find me tinkering with my PC.