Google removed dozens of extensions from the Chrome Web Store after a security firm discovered they were using malicious practices to espionage of users and theft data.
The security company Awake he argues that encountered a total of 111 malicious or fake Chrome extensions that were able to take screenshots, read the clipboard, collect credentials, and track keystrokes.
Awake says this is one of the biggest malicious campaigns for Chrome users, and its impact is likely to be huge, with all of these extensions having 32 million downloads.
"Μέχρι σήμερα, έχουν πραγματοποιηθεί τουλάχιστον 32.962.951 λήψεις αυτών των κακόβουλων επεκτάσεων, και αυτό ισχύει μόνο για τις επεκτάσεις που ήταν διαθέσιμες στο Chrome Web Store από τον Μάιο του 2020."
We do not yet know who was behind this big campaign and how many users were affected, but the attackers appear to have used domains purchased from an Israeli-based company.
"Από τα 26.079 domains που έχουν καταχωριστεί μέσω της GalComm, τα 15.160 ή σχεδόν το 60% είναι κακόβουλα ή ύποπτα: φιλοξενούν διάφορα παραδοσιακά κακόβουλα programs and tracking tools used in browsers. With various evasion techniques, these domains avoided being labeled as malicious by most solutions ασφαλείας και έτσι επέτρεψαν να περάσει απαρατήρητη αυτή η εκστρατεία" αναφέρει η Awake.
Google has already removed these extensions and the security company has released one full list with the IDs of the add-ons.