SAN FRANCISCO, June 18 - A newly discovered spyware effort attacked users through 32 million downloads of extensions for Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, underscoring the technology industry’s inability to protect browsers as they are used more for e-mail, payroll, and other sensitive functions.
Alphabet Inc’s Google said that it removed more than 70 of the malicious add-ons from its official Chrome Web Store after it was alerted by the researchers last month.
“When we are notified of extensions in the Web Store that violate our policies, we take action and use these incidents as training material in order to improve our manual and automatic analysis,” Google spokesperson Scott Westover told Reuters.
Most of the free extensions purported to warn users about suspicious web sites or convert files from one format to another. Instead, they siphoned off browsing history and data that provided credentials for access to internal company tools.
Based on the number of downloads, it was the most far-reaching malicious Chrome store campaign to date, according to Awake co-founder and scientific director Gary Golomb.
Google declined to discuss how the spyware compared with earlier campaigns, the extent of the damage, or why it did not detect and remove the bad extensions on its own, in spite of promises to oversee the offerings more closely.
It is difficult to know who was behind the effort to distribute the malware. Awake said that the developers provided false contact information when they submitted the extensions to Google.
“Anything that gets you into someone’s browser or e-mail or other sensitive areas would be a target for national espionage and organized crime,” said former National Security Agency engineer Ben Johnson, who founded security companies Carbon Black and Obsidian Security.
The extensions have been designed to avoid detection by anti-virus vendors or security software that evaluates the reputation of web domains, Golomb said.
If someone used the browser to surf the web on a home computer, it would connect to a series of websites and transmit information, the researchers found. Anyone using a corporate network, which could include security services, would not transmit the sensitive information or even reach the malicious versions of the web sites.
“This shows how attackers can use extremely simple methods to hide, in this case, thousands of malicious domains,” Golomb said.
All of the domains in question, more than 15,000 linked to each other in total, were purchased from a small registrar in Israel, Galcomm, known officially as CommuniGal Communication Ltd.
Awake said Galcomm would have known what was happening.
In an email exchange, Galcomm owner Moshe Fogel told Reuters that his company had done nothing wrong.
“Galcomm is not in question, and not in complicity with any malicious activity whatsoever,” Fogel wrote. “You can say exactly the contrary, we are cooperating with law enforcement and security agencies in order to prevent as much as we can.”
Fogel said there is no record of the requests Golomb said he made in April and May to the company’s e-mail address for reporting abusive behavior, and he asked for a list of suspect domains. Reuters sent the list three times without getting a substantive answer.
The Internet Corp for Assigned Names and Numbers, which oversees registrars, said it had received few complaints about Galcomm over the years, and none about malware.
While deceptive extensions have been a problem for years, they are getting worse. They first spewed unwanted advertisements, and are now more likely to install other malicious programs or track where users are and what they do for government or commercial spies.
Malicious developers have been using Google’s Chrome Store as a conduit for a long time. After one in 10 submissions was considered suspect, Google said in 2018 that it would improve safety, in part by increasing human review.
But in February, independent researcher Jamila Kaya and Cisco Systems’ Duo Security found a similar Chrome campaign that stole data from approximately 1.7 million users. Google joined the investigation and found 500 fraudulent extensions.
“We do regular sweeps to find extensions using similar techniques, codes and behaviors,” Google’s Westover said, in language identical to what Google gave after the Duo report. — Reuters