Google removed dozens of extensions from the Chrome Web Store after a security company discovered that they were using malicious practices to spy on users and steal data.
The security company Awake says that it encountered a total of 111 malicious or fake Chrome extensions that were able to take screenshots, read the clipboard, collect credentials, and track keystrokes.
Awake says this is one of the biggest malicious campaigns against Chrome users, and its impact is likely to be huge, with these extensions together having 32 million downloads.
"To date, there have been at least 32,962,951 downloads of these malicious extensions, and this only applies to extensions that have been available in the Chrome Web Store since May 2020."
We do not currently know who was behind this large campaign or how many users were affected, but the attackers appear to have used domains that were purchased from a company based in Israel.
“Of the 26,079 domains registered through GalComm, 15,160 or nearly 60% are malicious or suspicious: they host various traditional malware programs and tracking tools used in browsers. Using various evasion techniques, these domains avoided being labeled as malicious by most security solutions and thus allowed this campaign to go unnoticed,” reports Awake.
Google has already removed these extensions, and the security company has released a full list with the IDs of the add-ons.