100+ Chrome extensions caught spying – delete them now

Malware creators are getting more and more clever with each passing day. It used to be that malicious attachments and downloads were the biggest areas of concern for malware, but cybercriminals have figured out that it’s much more profitable to disguise their attacks as legitimate apps and browser extensions.

Extensions, in particular, have become a breeding ground for illegal and quasi-legal cyber activity. The issue has gotten bad enough, in fact, that even Macs are vulnerable to malware under the guise of legitimate browser extensions.

But now, a new spyware campaign has been detected that targets Google Chrome through malicious browser extensions. Not only do these extensions siphon browsing history from unsuspecting victims, but they also capture sensitive internal business credentials. If you use Chrome, here’s what you need to know.

Chrome impacted by 111 malicious extensions

In an exclusive report from Reuters, cybersecurity firm Awake Security revealed it had discovered an extensive web of 111 malicious browser extensions available for download on Google Chrome. These extensions appeared to behave normally on the surface, but behind the scenes, the software behaved more like spyware.

While victims haplessly browsed the web, these extensions collected copious amounts of data like web-browsing history. Some were even bold enough to scoop up login credentials for sensitive business profiles and tools.

Stranger yet, all of these extensions were linked to more than 15,000 web domains purchased from a single registrar called Galcomm, a small, Israel-based company. To be fair, Galcomm denies any wrongdoing in the matter and claims it didn’t know the domains were being used for such a purpose. The company has since chosen to cooperate with investigators.

While it’s currently unclear who the actual mastermind behind the malware is, Google has taken steps to clean up its extension store since Awake Security’s report was published. Most of the offenders have been removed from download, but neither Awake nor Google has shown the specific names of the extensions in question.

I use extensions on Chrome! Should I be worried?

Once Google removes the offending extensions from the Chrome web store, they’re unable to operate or connect to their respective domains. This means all you’d need to do is clean up any remnants from your browser extension menu.

Unfortunately, we don’t have a complete list of extensions to remove, and at the time of publication, we only know that Google has removed at least 70 malicious extensions for certain. This means there’s a non-zero chance you still might have one installed on your browser.

To protect yourself, we recommend erring on the side of caution and simply removing any extensions that aren’t from mainstream, well-known developers.

To find the extensions installed on your browser, open Chrome on your computer. On the upper right of the browser, click the three-dot hamburger menu and then More Tools, followed by Extensions. Here, you can disable or remove them to your liking.
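The manual review above can also be scripted. The following is an added example, not code from the article or from Awake Security's report: Chrome keeps each installed extension in the profile's Extensions folder as `<extension id>/<version>/manifest.json`, and this sketch lists what each one requests and flags those able to read browsing activity. The permission selection and the two sample extensions are assumptions constructed for the example.

```python
import json
import tempfile
from pathlib import Path

# Permissions that expose browsing activity; this selection is the example's assumption.
SENSITIVE = {"history", "tabs", "webRequest", "cookies", "clipboardRead"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(ext_root):
    """Return one finding per <extension id>/<version>/manifest.json under ext_root."""
    findings = []
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = manifest.parts[-3]
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            findings.append({"id": ext_id, "name": "<unreadable manifest>",
                             "sensitive": [], "broad_hosts": [], "review": True})
            continue
        requested = set()
        # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
        for key in ("permissions", "host_permissions"):
            requested |= {p for p in data.get(key, []) if isinstance(p, str)}
        # Content scripts can read page content on every site they match.
        for script in data.get("content_scripts", []):
            requested |= set(script.get("matches", []))
        sensitive = sorted(requested & SENSITIVE)
        broad = sorted(requested & BROAD_HOSTS)
        findings.append({"id": ext_id, "name": data.get("name", "?"),
                         "sensitive": sensitive, "broad_hosts": broad,
                         "review": bool(sensitive or broad)})
    return findings

def build_sample_profile():
    """Constructed sample data: two made-up extensions in a temporary folder."""
    root = Path(tempfile.mkdtemp())
    samples = {
        "a" * 32: {"name": "Sample Notes", "permissions": ["storage"]},
        "b" * 32: {"name": "Sample Converter", "permissions": ["tabs", "history", "<all_urls>"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = root / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    for finding in audit_extensions(build_sample_profile()):
        print(finding)
```

To check a real profile, pass its Extensions folder to `audit_extensions`, for example `~/.config/google-chrome/Default/Extensions` on Linux. A flag does not mean an extension is malicious; it only marks it for the manual review described above.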

Once again, it’s always risky to download software that you’re not 100% familiar with, and even if reviews are high and the comments positive, you never know if you’re dealing with fakes. Use your best judgment, and try to stick with what’s familiar to you. It’s not worth losing your privacy and personal data over.
