Awake Security researchers uncovered a massive Chrome malware campaign intended to harvest user data. As per a Reuters report, it involved over 70 malicious extensions on the Chrome Web Store that were downloaded over 32 million times.
Google was notified about the discovery last month, following which the search giant took down the extensions. According to the firm, the malicious Chrome extensions masqueraded as file converters, and ironically, as extensions that flagged bad websites.
However, in the background, these extensions funneled browsing history and user credential data from the compromised browsers. While there is no information on the attackers, it’s among the biggest malware campaigns against the Chrome browser to date.
It was known that the various extensions transmitted data to over 15,000 domains in total. All of these were purchased from Communigal Communication Ltd. – an Isreal-based domain registrar that denied having any involvement in the malware campaign.
A Google spokesperson told Reuters: “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.”
In similar incidents, Google has previously deleted tens and even hundreds of unsafe Chrome extensions. The company also said it would focus more on the manual review process for the extensions submitted to the Chrome Store.
What makes it concerning is the Google Chrome takes the biggest piece of the pie when it comes to browser market share. Not to mention the ever-increasing need for web brow ..
Support the originator by clicking the read the rest link below.
