Browser extensions downloaded nearly 33 million times from Google’s Chrome Web Store have secretly downloaded highly sensitive user information, a security firm said Wednesday in a report stressing the lax security measures that continue to put Internet users at risk.
The extensions, which Google removed only after being privately informed about them, siphon sensitive data such as screenshots, clipboard contents, browser cookies used to access websites, and keyboard input as well as passwords, researchers from security firm Awake told me. Many of the extensions are modular, meaning once installed, they update themselves with executable files, which in most cases are specific to the operating system they run on.
The company’s researchers found that all 111 of the extensions it identified as malicious connected to Internet domains registered by Israel-based GalComm. Investigators eventually found more than 15,000 domains registered through GalComm hosting malicious or suspicious behavior. The malicious domains use a variety of evasion techniques to avoid being labeled as malicious by security products.
Ji analyzes more than 100 networks across financial services, oil and gas, media and entertainment, health care and pharmaceuticals, retail, and three other industries. Remember that the artists behind the works have proven themselves in all those fields. The attacks’ use of Google and of domain registration that is approved by the Internet Corporation for Assigned Names and Numbers—and the ability to avoid detection by security agencies—underscores the frequent failure of technology companies to protect Internet security.
“Reliability of the Internet and its infrastructure is critical,” Ji wrote in a summary of the findings. “The misuse of key components of this infrastructure—domain registration, browsers, etc.—shakes the foundation of trust and represents a risk to organizations and consumers alike. The study reveals three major areas of vulnerability with the Internet that are exploited to innocent users, but malicious browsing users.”
Feels like the first time…NOT!
Ji’s findings are hardly the first report of browser extensions hosted on Google servers being used maliciously against Chrome users. In an exclusive article posted last July, Ars reported on extensions—mostly hosted by Google—that collected 4.1 million users’ browsing histories and published them publicly on an analytics site based on valuation. The data included proprietary data from Tesla, Jeff Bezos’ Blue Origin, and dozens of other companies. Over the years, there have been dozens of other discoveries of malicious Chrome extensions, including one of the few that recently took place in February.
In a statement, Google employees on Thursday wrote:
We appreciate the work of the research community, and when we notice improvements in the Web Store that violate our policies, we take action and use those incidents as a learning tool to improve our automated and manual analysis. We conduct regular scans to find extensions using similar patterns, code, and behaviors, and remove those extensions if they violate our policies.
All extensions go through an automated review process, and most also receive manual reviews by our team. We use a combination of automated and manual review, based on multiple signals for a specific extension. You can view our full program policies here.
The Chrome Web Store uses several methods to detect policy violations and enforce them, including manual and automated reviews both proactively and responsively. Corrective action may include removal from the Chrome Web Store or account termination. In addition to deleting the accounts of developers who violate our policies, we also highlight certain malicious policies we see to prevent extensions from returning. In addition, we have announced technical changes that will, going forward, strengthen the privacy of Chrome extensions and new policies that improve user privacy.
Officials from GalComm did not respond to an email seeking comment for this post.
Some extensions appear as document readers. Others pretend to provide security enhancements.
Some of them provide the powers they claim. A full list of the extensions found is available in this Excel spreadsheet. (Those who don’t trust opening an Excel spreadsheet can upload it to Google Docs and read it there. Another option is to read the list in the report linked above, but it only lists the extension ID and not the name.)
While the 33 million installs may be inflated with artificial downloads, Awake said it believes the number of infected devices in this campaign is likely close to that number. Because the number is based on the extensions available in the Chrome Web Store at the beginning of May, it may leave out extensions that existed and were removed later. That number doesn’t even count extensions available from channels outside of the Chrome Web Store.
The malicious domains that Awake identified are here.
While Google checks extensions before admitting them to the Chrome Web Store and removes extensions when it learns its process has failed, the process often fails, often to the detriment of millions of users. The company usually provides little notice to Chrome users whose privacy or security has been compromised.
The point is that users of any browser should install extensions sparingly and only when they provide real value. When you install one, try to choose one from a known developer or at least one with a website or social media handle that you can research. Don’t forget to read the comments for reports of suspicious behavior.
People should periodically recheck their extensions page to check for notifications that any have been removed or found to violate the browser’s terms of service. While you’re there, remove any extensions that haven’t been used in a while or are no longer needed.
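
The periodic recheck described above can be scripted. The following is an added example, not code from this article or from Awake's report: it walks a Chrome profile's Extensions directory, matches installed extension IDs against a blocklist of IDs (such as the ID-only list the report publishes), and flags permissions that cover the data types mentioned earlier. The sample extensions, their IDs and the blocklist are constructed, and the function names are hypothetical.

```python
import json
import re
from pathlib import Path

# Real Chrome manifest permission names covering the data types the report
# describes: clipboard, cookies, screen capture, traffic on every site.
SENSITIVE = {"clipboardRead", "cookies", "desktopCapture", "tabCapture",
             "webRequest", "<all_urls>"}
ID_RE = re.compile(r"^[a-p]{32}$")  # extension IDs are 32 letters, a-p only

def audit(ext_root, blocklist):
    """Return one finding per <id>/<version>/manifest.json under ext_root.

    blocklist is a set of extension IDs, e.g. copied from a published report.
    """
    findings = []
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        if not ID_RE.match(ext_id):
            continue  # not an extension folder
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = {}  # unreadable manifest: still report the ID
        data = data if isinstance(data, dict) else {}
        requested = set()
        for key in ("permissions", "optional_permissions", "host_permissions"):
            requested.update(p for p in (data.get(key) or []) if isinstance(p, str))
        findings.append({
            "id": ext_id,
            "name": data.get("name", "?"),
            "version": manifest.parent.name,
            "blocklisted": ext_id in blocklist,
            "sensitive": sorted(requested & SENSITIVE),
        })
    return findings

def make_sample(root):
    """Constructed sample profile: two fake extensions with made-up IDs."""
    samples = {
        "a" * 32: {"name": "PDF Reader Demo",
                   "permissions": ["cookies", "clipboardRead", "<all_urls>"]},
        "b" * 32: {"name": "Notes Demo", "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / "1.0_0"
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest))
    return {"a" * 32}  # constructed blocklist, not real IDs
```

On Linux the directory to pass as `ext_root` is typically `~/.config/google-chrome/Default/Extensions`; a blocklist hit is the strong signal, while the permission list is only a prompt to look closer, since many legitimate extensions request the same permissions.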