Around 106 Google Chrome extensions, with malicious intents, have been found, which affected millions of users as they were collecting user data without the permission of the users. The 106 Chrome extensions were among a batch of 111 ones that have now been removed by Google. Read on to know more about the malicious Google Chome extensions.
Over 100 Chrome extensions spied on users
According to a research report by Awake Security, the identified Chrome extensions have been downloaded around 33 million times and have been collecting user data. These extensions could take screenshots, read the clipboard, harvest credential tokens stored in cookies or parameters, or get user keystrokes (like passwords).
The extensions have been ranged from categories such as online scanners, reputation checkers, similar scanners, and web searches and had a common internet domain registrar: Gal Communication.
It is suggested that the malicious Chrome extensions could easily bypass security proxies, anti-virus, and even the Google Chrome Web Store to easily spy on users. This was done by either using the filtering/blocking method to provide users with the malicious extensions or by loading a Chromium package with malicious plugins on users' devices as the default browser to install such extensions.
While the Chrome extensions most likely come from a single attacker, there is no word on its identity. Additionally, the Chrome extensions have had a presence on networks such as financial services, oil and gas, media and entertainment, healthcare and pharmaceuticals, retail, high-tech, higher education, and government organizations.
Google has now disabled the malicious Chrome extensions. In a statement to Reuters, Google spokesperson Scott Westover said, "When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses."
You can visit Awake Security and read a detailed report on the same.