Google Chrome Users May Have Been Impacted by a Massive Spying Campaign

Pixabay
Google Chrome extensions, which have been downloaded more than 32-million times, were used to spy on the browser’s users in a massive global surveillance campaign. Awake Security reported it found at least 111 “malicious or fake” Chrome extensions capable of taking screenshots, stealing login credentials and capturing passwords as users typed them. The campaign impacted a wide range of sectors including financial services, healthcare and government organizations. Awake linked the spyware to Galcomm, an Israeli web-hosting company that claims to manage around 250,000 browser domains. The company refuted parts of Awake’s report, saying 25% of the domains Awake claimed to have checked were not Galcomm domains or had been deleted, but said little about the other 75%. Google says all the extensions flagged by Awake have since been removed. -GEG

Google Chrome extensions downloaded more than 32 million times were used to spy on the popular browser’s users in a massive global surveillance campaign, according to a new report.

The report, from cybersecurity firm Awake Security, found at least 111 “malicious or fake” Chrome extensions capable of taking screenshots, stealing login credentials and capturing passwords as users typed them. The campaign impacted a wide range of sectors including financial services, healthcare and government organizations, it added.

Extensions allow users to add features and capabilities to their browsers, such as a recently popular one that allows multiple laptops to stream Netflix shows simultaneously and another from Google that lets users flag suspicious websites.

But the new report highlights the potential for fraudulent extensions to do harm and compromise a wide variety of systems.

“The actors behind these activities have established a persistent foothold in almost every network,” researchers at Awake said.

Read full article here…

Print Friendly, PDF & Email
Facebooktwitterredditpinterestlinkedinmail

Leave a Reply

You must be logged in to post a comment.