by Chris White
A massive spyware effort targeted users of Google’s Chrome web browser extensions downloaded tens of millions of times, Reuters reported Thursday.
The people responsible for the spyware attacked users through 32 million downloads of extensions to Google’s web browser, and collected browsing history and other user data, researchers at Awake Security told Reuters. Google removed more than 70 malicious extensions after researchers alerted the company of the attack in May, the company said.
“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” Google spokesman Scott Westover told Reuters.
The free extensions, which were add-ons that allowed users to customize their web browser, collected users’ browsing history and data that provided credentials for access to certain tools despite purporting to warn users about questionable websites, Reuters reported.
“We’ve announced technical changes that will further strengthen the privacy of Chrome extensions and new policies that improve user privacy,” Westover said in a statement provided to the Daily Caller News Foundation.
Westover said Google has a process to detect and remove malicious extensions with spyware, including taking extensions through an “automated review process.” Some extensions go through manual review as well, Westover said, but did not elaborate on how the malicious extensions Awake Security discovered were missed.
The company did not discuss the extent of the breach, nor did it lay out how many extensions were compromised.
The developers behind the ruse gave fake contact information when they submitted the extensions, effectively concealing those responsible, Awake told Reuters.
“This shows how attackers can use extremely simple methods to hide, in this case, thousands of malicious domains,” Golomb said. All of the domains were purchased from a registrar in Israel called Galcomm, according to Awake. The roughly 15,000 domains were linked to each other.
Galcomm owner Moshe Fogel denied taking part in the malicious activity. “Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” he wrote in an email to Reuters. “You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can.”
Reports of the spyware activity came after The Wall Street Journal reported on June 4 that Chinese and Iranian hackers were targeting staff working for the presidential campaign teams of former Vice President Joe Biden and President Donald Trump.
– – –
Chris White is a reporter for the Daily Caller News Foundation.