Researchers at Awake Security have made news over the past 24 hours exposing a scheme in which some 79 malicious Google extensions were found on the Chrome Web Store as recently as the first week of May. While much of the news focused on the malicious Chrome extensions, security pros were scratching their heads over how the attackers managed to circumvent cloud-based security tools that researchers and security analysts have used for a decade or more.
Reuters first broke the story, reporting that users of the Chrome browser – the world’s leading browser by far with 2 billion users – downloaded the malicious Chrome extensions nearly 33 million times.
Google has since taken down the extensions from the Chrome Web Store and said when they are alerted of extensions that violate its policies, they take action and use those incidents as training material to improve its automated and manual analyses.
Gary Golomb, co-founder and chief scientist at Awake Security, said the attackers hid behind thousands of malicious domains housed at GalComm, an Israel-based registrar. According to the Awake Security report ..
Support the originator by clicking the read the rest link below.
