Millions Impacted by Spyware from Malicious Google Chrome Extensions

Millions Impacted by Spyware from Malicious Google Chrome Extensions

Be Very Careful when you add an Extension to Chrome!Security researchers at Awake Security found 111 fake Google Chrome Extensions with over 32 million downloads from the Chrome store.  These extensions pretended to offer various services such as converting a file from one format to another but they connected to thousands of malicious domains and shared user’s sensitive information with third parties.

Google has automated scanners to prevent malicious extensions, but the crooks submitted fake contact information and they were designed to avoid the detection by Google’s automated review systems and user’s antivirus. The extensions could take screen shots of the user’s screens, access users’ clipboard and steal form input such as login ids.
The malicious extensions targets home users but when users accessed the internet from corporate networks, the extensions did not transmit information.

Google declined to disclose the extent of the spyware campaign when asked by Reuters or why it could not detect these malicious extensions. Although the malicious extensions targeted home users, they still pose a big risk to corporate users, many of whom are now working from home.

There have been previous attacks like this so try not to add ANY extensions to your browser if possible.

Read Full Article