According to an Awake spokesperson, by the number of downloads, this was the largest malware campaign in Chrome to date.
Researchers at Awake Security have found spyware among the extensions to the market-leading Google Chrome web browser that has been downloaded about 32 million times. This example shows the industry’s inability to make browsers secure. Meanwhile, they are increasingly being used to work with e-mail, pay, and perform other sensitive functions.
Mass surveillance of Google Chrome users reveals security weakness
Alphabet said it has removed more than 70 malicious add-ons from its official Chrome Web Store after researchers warned about it last month.
“When we are warned about online store extensions that violate our rules, we take action and use these incidents as training material to improve our automatic and manual analyzes,” Google Representative Scott Westover told Reuters.
Most of the free extensions are designed to alert users of questionable websites or to convert files from one format to another. Instead, they downloaded browsing history and data that provided credentials for accessing internal business tools.
According to the representative of Awake, in terms of the number of downloads, it was the largest malicious campaign in Chrome to date. It is unclear who was behind it, as the developers provided Google with false contact information. It is noteworthy that the extensions were designed to avoid detection by antivirus programs and other security software.
