Google Chrome users may have been impacted by a massive spying campaign, report says

Google Chrome extensions downloaded more than 32 million times...

Posted: Jun 19, 2020 3:27 AM
Updated: Jun 19, 2020 2:00 PM

Google Chrome extensions downloaded more than 32 million times were used to spy on the popular browser's users in a massive global surveillance campaign, according to a new report.

The report, from cybersecurity firm Awake Security, found at least 111 'malicious or fake' Chrome extensions capable of taking screenshots, stealing login credentials and capturing passwords as users typed them. The campaign impacted a wide range of sectors including financial services, healthcare and government organizations, it added.

Extensions allow users to add features and capabilities to their browsers, such as a recently popular one that allows multiple laptops to stream Netflix shows simultaneously and another from Google that lets users flag suspicious websites.

But the new report highlights the potential for fraudulent extensions to do harm and compromise a wide variety of systems.

'The actors behind these activities have established a persistent foothold in almost every network,' researchers at Awake said.

Google confirmed that all the browser extensions flagged by Awake have since been removed.

'We appreciate the work of the research community, and when we are alerted of extensions ... that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,' Google spokesperson Scott Westover said in a statement provided to CNN Business. 'We do regular sweeps to find extensions using similar techniques, code, and behaviors, and take down those extensions if they violate our policies.'

Awake linked all the extensions associated with the spying campaign back to Galcomm, an Israeli web hosting company that claims to manage around 250,000 browser domains.

'By exploiting the trust placed in it as a domain registrar, Galcomm has enabled malicious activity that has been found across more than a hundred networks we've examined,' Awake researchers said in the report, adding that they found more than 15,000 Galcomm domains that were 'malicious or suspicious.'

'Galcomm is not involved, and not in complicity with any malicious activity whatsoever,' Moshe Fogel told Reuters, which was first to report on Awake's findings.

After this story published, Galcomm refuted parts of Awake's report, saying 25% of the domains Awake claimed to have checked were not Galcomm domains or had been deleted. The Israeli firm also said Awake had not sought its input before publishing the report.

'The report is at least irresponsible, if not worse,' Galcomm owner Moshe Fogel said in an email to CNN Business. 'We are considering our steps and actions against Awake.'

Google did not comment on Galcomm's role in the campaign.

Google Chrome extensions have been linked to cyberattacks in the past, including as recently as February this year. The company has taken several steps to improve the browser's privacy and security protections, Westover said.

'In addition to disabling the accounts of developers that violate our policies, we also flag certain malicious patterns we detect in order to prevent extensions from returning,' he added.

Oregon Coronavirus Cases

Data is updated nightly.

Cases: 154878

Reported Deaths: 2206
CountyCasesDeaths
Multnomah31824528
Washington21099212
Marion18373285
Clackamas13328175
Lane10200126
Jackson8315111
Umatilla763982
Deschutes593459
Yamhill376764
Linn357756
Malheur334458
Polk303942
Klamath278455
Douglas244754
Josephine232849
Benton232516
Jefferson195128
Coos144019
Union128119
Columbia124821
Wasco122026
Lincoln112820
Hood River106429
Morrow104614
Clatsop7756
Crook77518
Baker6507
Curry4246
Tillamook4142
Lake3746
Harney2736
Grant2221
Wallowa1424
Gilliam531
Sherman530
Wheeler221
Unassigned00

California Coronavirus Cases

Data is updated nightly.

Cases: 3559311

Reported Deaths: 51794
CountyCasesDeaths
Los Angeles118923221241
Riverside2894503767
San Bernardino2860772783
Orange2607213982
San Diego2589823260
Santa Clara1102371777
Kern102627811
Fresno950151422
Sacramento929611464
Alameda802791241
Ventura77395834
San Joaquin665691082
Contra Costa62164674
Stanislaus55887946
Tulare47784746
Monterey42138327
San Mateo38872515
San Francisco34138398
Santa Barbara31763407
Solano30024164
Merced28915395
Sonoma28004298
Imperial26855589
Kings21951218
Placer19763232
San Luis Obispo19612227
Madera15414209
Santa Cruz14588183
Marin13136197
Yolo12787185
Shasta10969174
Butte10922160
El Dorado9095100
Napa899869
Sutter884597
San Benito575259
Yuba573336
Lassen560119
Tehama508152
Tuolumne394659
Nevada394074
Mendocino379643
Amador344841
Humboldt318033
Lake314140
Glenn221923
Colusa212813
Calaveras190547
Siskiyou174014
Inyo128736
Mono12114
Del Norte9875
Plumas6536
Modoc4524
Mariposa3957
Trinity3675
Sierra990
Alpine810
Unassigned00
Medford
Mostly Cloudy
46° wxIcon
Hi: 48° Lo: 36°
Feels Like: 42°
Brookings
Partly Cloudy
51° wxIcon
Hi: 50° Lo: 33°
Feels Like: 51°
Medford
Mostly Cloudy
46° wxIcon
Hi: 26° Lo: 13°
Feels Like: 42°
Medford
Cloudy
46° wxIcon
Hi: 48° Lo: 35°
Feels Like: 42°
Klamath Falls
Partly Cloudy
37° wxIcon
Hi: 37° Lo: 25°
Feels Like: 25°
Drying out and warming up
KDRV Radar
KDRV Fire Danger
KDRV Weather Cam

Community Events