Google Chrome Extensions With 32 Million Downloads Found to be Stealing User Data
Google Chrome extensions with 32 million collective downloads have been found to be part of a spyware effort that has been stealing user data. Researchers notified Google last month about the malicious nature of these 106 extensions, after which it took them down from the Chrome Web Store.
The extensions disguised themselves as file converters, and some, ironically, alerted users to malicious websites. In reality, the extensions were stealing browsing history and user data. With 32 million downloads in total across these 106 extensions, the campaign highlights important issues that Google needs to resolve in order to protect user privacy and security when users download extensions for Chrome.
Google spokesman Scott Westover told Reuters:
“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,”
According to researchers at Awake Security, this was one of the biggest malware campaigns to hit the Chrome Web Store so far. You can read the detailed report by Awake here, which traces the malicious extensions back to a domain registrar in Israel called GalComm.
“By exploiting the trust placed in it as a domain registrar, GalComm has enabled malicious activity that has been found across more than a hundred networks we’ve examined. Furthermore – the malicious activity has been able to stay hidden by bypassing multiple layers of security controls, even in sophisticated organizations with significant investments in cybersecurity.”
Google failed to detect any issues with the extensions, even though the company claims to do regular malware scans in the Store. In February 2020, in a similar incident, Chrome extensions stole data from 1.7 million users.
Back in 2018, the company revamped how extensions work. One of the important changes back then was to the extension review process, as noted below:
- Changes to the extensions review process: Going forward, extensions that request powerful permissions will be subject to additional compliance review.
Somehow, it seems that extensions that have complete access to browsing history and other user data in Google Chrome are not considered 'powerful' enough to face compliance reviews.
Note that 2018 was full of malicious Chrome extensions that successfully compromised user data.
- Four Malicious Chrome Extensions – Over Half a Million Victims
- Attackers Go on a “Chrome Extension Hijacking Spree” – Several More Compromised
- Ad Blocker Maker Says Ad Blockers Can Actually Be Malware…
- Trust a Browser Extension Because Millions of People Use it? It’s Probably Watching You All the Time and Stealing Your Internet History
Now that we are in 2020, Google's failure to fix issues with malicious Chrome extensions continues to disappoint. Even though Google's model of allowing extensions in the Chrome Web Store without review seems to work better and attracts more developers, it fails to provide adequate protection for user data.