
Hackers launched spyware attack through Google Chrome extensions: Report

Hemani Sheth Mumbai | Updated on June 19, 2020 Published on June 19, 2020


A new cyberthreat has emerged in the form of a massive spyware campaign that targeted users through Google Chrome extensions downloaded more than 32 million times, as per reports.

According to a report by cybersecurity firm Awake Security, over a hundred malicious Google Chrome extensions were used to spy on Google Chrome’s users in a massive global surveillance campaign.

“The Awake Security Threat Research Team has uncovered a massive global surveillance campaign exploiting the nature of Internet domain registration and browser capabilities to spy on and steal data from users across multiple geographies and industry segments,” the cybersecurity firm said in its report.

The firm found at least 111 "malicious or fake" Chrome extensions in its study.

These extensions are capable of spying on users by taking screenshots, reading a user’s clipboard, harvesting credential tokens stored in cookies or parameters, and even obtaining user passwords by capturing keystrokes.

The extensions were from domains registered with GalComm, a known internet registrar.

“In the past three months alone, we have harvested 111 malicious or fake Chrome extensions using GalComm domains for attacker command and control infrastructure and/or as loader pages for the extensions,” the firm said.

“Of the 26,079 reachable domains registered through GalComm, 15,160 domains, or almost 60%, are malicious or suspicious,” it said.

The firm has recorded at least 32,962,951 downloads of these malicious extensions to date, many of which had been available in Chrome’s Web Store.

Google’s parent company Alphabet Inc has said that it removed over 70 of these malicious add-ons from its official Chrome Web Store after the firm alerted it to them, Reuters reported.

“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” said a Google spokesman as quoted by the report.

GalComm has denied any wrongdoing, the report said.

“GalComm is not involved, and not in complicity with any malicious activity whatsoever,” the company said as quoted by the report.

“You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can,” it said.
