A spyware cyber-espionage operation targeted users through 3.2 million downloads of extensions to Google's popular web browser Chrome, researchers from Awake Security told Reuters. The finding points to the problems the tech industry faces in protecting browsers as they are increasingly used for communication, payments and other sensitive functions.
Google said it removed more than 70 of the malicious add-ons from the Chrome Web Store after being notified by the researchers last month.
“When we are informed of Web Store extensions that violate our policies, we take action and use these incidents as educational material to improve our automated and manual analyses,” Scott Westover, a Google spokesman, told Reuters.
Most of the free extensions were supposed to inform users about controversial websites, or convert files from one format to another. Instead, they looked at browsing history and at data that provided credentials for access to internal business tools.
Based on the number of downloads, it was the largest-scale Chrome store campaign so far, according to Awake co-founder Gary Golub.
It is unknown who was behind the attempt to release the malware. Awake reported that the developers provided false contact information when submitting the extensions to Google.
The extensions were also designed to avoid detection by antivirus companies or by security software that evaluates the reputation of web domains, Golub said.
If someone used the browser to browse the web from a home computer, the extensions connected to a range of web pages and transmitted information, the researchers said.
For anyone using a corporate network, which included security services, the extensions did not transmit sensitive information or reach the malicious versions of the web pages.
“This shows how perpetrators can use very simple methods to hide, in this case, thousands of malicious domains.”
All the domains in question, over 15,000 linked together in total, were purchased by Galcomm in Israel (formerly known as CommuniGal Communication Ltd).
Awake estimates that Galcomm should have known what was going on, but its owner, Moshe Fogel, told Reuters that his company was not involved in these activities and that there is no record of the communications Golub said he had made in April and May.
According to Fogel, most of the disputed domain names were active and the rest will be investigated.
The Internet Corp for Assigned Names and Numbers (ICANN), which oversees registrars, said it has received very few complaints about Galcomm in general, and none about malware.