A total of 106 Chrome extensions were recently removed from the Chrome Web Store. As on previous occasions, these were malicious extensions that had been collecting confidential information from users. Although they were presented as tools to improve searches or convert files between formats, they were actually collecting all kinds of user browsing data.
The report was published by Awake Security, which explains how it was able to detect a total of 111 malicious extensions. The extensions contained malicious code that allowed them to go unnoticed by Google's Chrome Web Store security filters. Once in the store, they collected clipboard data, cookies, screenshots and even keystrokes on the device, to obtain passwords, for example.
The security company believes that all of them are organized and managed by a single actor. The reason is that all the extensions sent the collected data to domains registered by the same company: GalComm. However, it has not been possible to identify who is behind it.
Awake Security had already notified Google in May of this year, before the report was made public. The company indicates that, at the time it gave notice, the extensions already totaled 32,962,951 downloads. As happens whenever malicious extensions are detected, Google has automatically deactivated the extensions in the browsers of users who had them installed and enabled. Although they are not uninstalled, they do appear labeled “malware” in the browser's extensions section.
The danger of extensions in browsers
Browser extensions have become one of attackers' favorite targets. Slipping malware in through extensions is much easier than through apps, where platforms currently have better security and verification. Extensions also give attackers access to practically everything that is done in a browser, which is no small thing. In the browser we access many social networks and platforms, but we also access our bank account or email.
In 2020 alone, Chrome has had to deal with malicious extensions on several occasions. In April of this year, for example, Google removed 49 extensions that stole passwords from Bitcoin wallets, and at the beginning of the year it had to disable automatic publication for certain types of extensions due to the amount of malware that was arriving. While there is no 100% perfect solution for either Google or users, it is best to be very skeptical of what we install and, preferably, to avoid installing unverified extensions.
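One way to apply that skepticism before installing, shown as an added example that is not part of the original article or of Awake Security's report: a small Python audit that maps an extension's `manifest.json` to the four kinds of data named above (clipboard, cookies, screenshots, keystrokes). The permission names are Chrome's documented ones; the article does not say which permissions the removed extensions requested, and both sample manifests are constructed.

```python
import json

# Match patterns that reach every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return {data_type: [manifest entries that enable access to it]}."""
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    broad = sorted(perms & BROAD_HOSTS)
    findings = {}
    if "clipboardRead" in perms:
        findings["clipboard"] = ["clipboardRead"]
    # The cookies API only returns cookies for hosts the extension can access.
    if "cookies" in perms and broad:
        findings["cookies"] = ["cookies"] + broad
    # Capture APIs; "<all_urls>" also permits chrome.tabs.captureVisibleTab.
    capture = sorted(perms & {"tabCapture", "desktopCapture", "<all_urls>"})
    if capture:
        findings["screenshots"] = capture
    # A content script injected into every page can listen for key events.
    injected = sorted({m for cs in manifest.get("content_scripts", [])
                       for m in cs.get("matches", []) if m in BROAD_HOSTS})
    if injected:
        findings["keystrokes"] = ["content_scripts: " + m for m in injected]
    return findings

# Constructed sample manifests (not taken from any real extension).
CONVERTER = json.loads("""{
  "name": "Example File Converter", "manifest_version": 2,
  "permissions": ["clipboardRead", "cookies", "tabs", "<all_urls>"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]
}""")
NARROW = json.loads("""{
  "name": "Example Notes", "manifest_version": 3,
  "permissions": ["storage"],
  "host_permissions": ["https://notes.example/*"],
  "content_scripts": [{"matches": ["https://notes.example/*"], "js": ["n.js"]}]
}""")

if __name__ == "__main__":
    for m in (CONVERTER, NARROW):
        print(m["name"], "->", audit_manifest(m) or "no broad access found")
```

A finding means the extension is able to reach that data, not that it does so; it flags cases where the requested access exceeds what the advertised function needs.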
At Xataka, we have contacted Google to ask what its position is in this regard. We will update the article if we get a response.