Alphabet Inc's (GOOGL.O) Google said it had removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers last month.
“When we are notified of extensions in the Web Store that violate our policies, we take action and use these incidents as training material to improve our automated and manual scans,” Google spokesman Scott Westover told Reuters.
Most of the free add-ons claimed to warn users about suspicious websites or to convert files from one format to another. Instead, they siphoned off browsing history and data that provided credentials for access to internal business tools.
Based on the number of downloads, it was the most malicious Chrome campaign to date, according to Awake co-founder and chief scientist Gary Golomb.
Google declined to discuss how the latest spyware compared with previous campaigns, the extent of the damage, or why it did not detect and remove the bad extensions on its own despite past promises to supervise offerings more closely.
It is unclear who was behind the effort to distribute the malware. Awake said the developers had supplied false contact information when they submitted the extensions to Google.
“Anything that gets you into someone's browser or e-mail, or into other sensitive areas, would be a target for espionage and organised crime,” said former National Security Agency engineer Ben Johnson, who founded the security companies Carbon Black and Obsidian Security.
The extensions were designed to avoid detection by antivirus companies or by security software that evaluates the reputation of web domains, Golomb said.
If someone used the browser to surf the web on a home computer, it would connect to a series of websites and transmit information, the researchers found. For anyone using a corporate network, which would include security services, it would not transmit the sensitive information or would not reach the malicious versions of the websites.
“This shows how attackers can use extremely simple methods to hide, in this case, thousands of malicious domains,” Golomb said.
All of the domains in question, more than 15,000 linked to each other in total, were purchased from a small registrar in Israel, Galcomm, known formally as CommuniGal Communications Ltd.
Awake said that Galcomm should have known what was happening.
In an e-mail exchange, Galcomm owner Moshe Fogel told Reuters that his company had done nothing wrong.
“Galcomm is not involved, and is not in collusion with any malicious activity,” Fogel wrote. “You can say exactly the contrary, we are cooperating with law enforcement and security agencies to prevent as much as possible.”
Fogel said there was no record of the inquiries that Golomb made in April and again in May to the company's e-mail address for reporting abusive behavior, and he asked for a list of the suspect domains. Reuters sent him that list three times without getting a substantive response.
The Internet Corp for Assigned Names and Numbers, which oversees registrars, said it had received few complaints about Galcomm over the years, and none about malware.
Although deceptive extensions have been a problem for years, they are getting worse. Originally they spewed unwanted advertisements; now they are more likely to install additional malicious programs or to track where users are and what they are doing, for government or commercial spies.
Malware developers have been using Google's Chrome Store for a long time. After one in 10 submissions was judged to be malicious, Google said in 2018 that it would improve security, in part by increasing human review.
But in February, independent researcher Jamila Kaya and Cisco Systems' Duo Security uncovered a similar Chrome campaign that stole data from about 1.7 million users. Google joined the investigation and found 500 fraudulent extensions.
“We conduct regular scans to find extensions using similar techniques, code and behaviors,” Google's Westover said, in language identical to what Google gave out after Duo's report.
Reporting by Joseph Menn; Editing by Greg Mitchell and Leslie Adler