32 million downloads of extensions for the Google Chrome browser were part of an organized spyware distribution campaign, investigators with cybersecurity company Awake Security have told ..

According to Gary Golomb, co-founder of Awake Security, the figures indicate that this has been the largest campaign of its type launched so far against Google Chrome, although at the beginning of this year another one was detected that affected a much greater number of extensions (500, compared to the 70 withdrawn now).

The attackers did this using extensions that, for the most part, promised either to warn users when they were entering questionable websites or to provide file format conversion tools. In reality, their function was to exfiltrate browsing history and login data.

Non-detection of malicious extensions, a problem for Google

According to ., the company did not explain why, despite its previous promises to monitor Chrome extensions more closely, this attack could not be detected. According to Google’s Scott Westover:

“We regularly carry out sweeps to find extensions that use these kinds of similar techniques, code, and behaviors.

When we are alerted that Chrome Web Store extensions violate our policies, we don’t just take action – we use those incidents as training material to improve our automated and manual scans.”

Awake Security warned Google about this problem a month ago, after which Google removed the malicious extensions from the Chrome Web Store. All of them had been specifically designed to evade detection by antivirus companies.


“The attackers used extremely simple methods to hide thousands of malicious domains [related to the spread of this malware].” In total, 15,000 domains were acquired from a small registrar in Israel, Galcomm.

Awake reproaches the latter for not having become suspicious of the problem being created, despite such a massive domain-purchasing operation. Galcomm simply denies any connection to this suspicious activity, a position backed by the (non-existent) history of malware distribution allegations against Galcomm, according to ICANN.

In any case, who is behind the campaign is still unclear: the developers of the malicious extensions provided false contact information when submitting them to Google.

