“Massive criminal surveillance campaign” of malicious Google Chrome extensions stole data from over 32 million users: do you have these installed?
According to a report by Awake Security, 70 malicious Google Chrome extensions, collectively downloaded by over 32 million users, have been stealing user data and Chrome browsing history.
The Awake Security report, titled "Discovery of a Massive Criminal Surveillance Campaign," states that threat actors exploited the nature of internet domain registration to infect over 32 million users worldwide with spyware masquerading as Google Chrome extensions. These extensions had permissions to read the user clipboard, harvest credentials, log keystrokes, and take screenshots.
This means that sensitive information like credit card details were potentially compromised. All of the malicious activity was registered through a single Israeli domain registrar, GalComm. While the ICANN (Internet Corporation for Assigned Names and Numbers) governs domain registrars, the report indicates that oversight is limited, making it easy for malicious actors like GalComm to exploit networks of trust.
The complete list of malicious Google Chrome on the Chrome Web Store can be found here. It's a good idea to go through the list and verify whether you have any of these extensions installed.
Are you a techie who knows how to write? Then join our Team! Wanted:
- News Writer (Romania based)
Details here