70 malicious Chrome extensions found spying on 32 million+ users

70 malicious Chrome extensions found spying on 32 million+ users

The massive spying campaign targeting Chrome users was exposed by researchers at Awake Security.


Over the past few months, we’ve uncovered various times how threat actors have been targeting Google Chrome users through malicious extensions. Turns out, the game continues with another similar incident just recently reported.


Discovered by Awake Security, 70 new malicious Chrome extensions have been found boasting over 32 million downloads in totality. To put the number of downloads into perspective, according to the co-founder & chief scientist of Awake – Gary Golomb – to date, this happens to be the largest malicious campaign targeting Chrome.


According to the firm, these extensions were posing as tools meant to convert files between different formats. However, in actuality, they were stealing the browsing history of users and trying to gain access to any sensitive credentials they could get their hands on.

The reason why they managed to evade detection was because of the techniques they used such as not targeting corporate networks which could have been potential of cybersecurity firms who may have reported them.


See: These Chrome extensions & Android apps collect your Facebook data


As for the culprits behind this, the contact information provided to Google upon the initial submission of the Chrome extensions was found to be fake.



One of the fake Chrome extensions (Image: Awake Security)



On t ..

Support the originator by clicking the read the rest link below.