Researchers at Awake Security said they recently discovered an attempt to spy on users of Google's Chrome browser, in which users were attacked through 32 million downloads of browser add-ons.
This highlights the failure of the technology industry to protect browsers at a time when they are increasingly used for email, payroll, and other sensitive functions.
Google, a unit of Alphabet, said it had removed more than 70 malicious add-ons from the official Chrome Web Store after researchers alerted it last month.
“When we are notified of add-ons in a web store that violate our policies, we move and use those facts as training material to improve our analyses,” Google spokesman Scott Westover told Reuters.
Most of these free add-ons claim to warn users of questionable sites or to transfer files from one entity to another. Instead, they steal browsing history and data that includes confidential information for accessing internal work tools.
Based on the number of downloads, this is the most dangerous malicious campaign the Chrome store has been exposed to so far, said Gary Golomb, co-founder and chief researcher of Awake Security.
Google declined to discuss how the recent spying campaign compares with previous ones, the extent of the damage it caused, or why it did not detect and remove the add-ons on its own despite its previous promises to audit them.
It was not clear who was behind this attempt to spread the malware. Awake said the developers of these add-ons provided false contact information when they submitted the extensions to Google.
“Anything that gives you access to a person’s browser, email, or other sensitive areas will be the target of espionage … or of organized crime,” said Ben Johnson, a former National Security Agency engineer and founder of Carbon Black and Obsidian Security.
Golomb said the add-ons were designed to avoid detection by antivirus companies or by cyber-security software that assesses domain names.
The researchers found that if someone uses the browser on a home computer, it connects to a series of websites and sends information. But if someone uses a company computer that uses security measures, it does not send the sensitive information or even reach the malicious versions of those sites.
“This shows that attackers can use very simple methods in order to hide, in this case, thousands of malicious bands,” Golomb added.
The domains concerned number more than 15,000 and are all related to each other. They were bought by a small domain registration company in Israel called Galcom, previously known as Community Communications Limited.
Awake said that Galcom should have known what was happening.
Galcom’s owner, Moshe Vogel, told Reuters by email that his company had done nothing wrong.
“Galcom is not involved in any malicious activity whatsoever or complicit in it. Rather, you can say the exact opposite.
We work with law enforcement and security agencies to prevent what we can prevent.”
Vogel said there was no record of the inquiries that Golomb said he submitted in April and May to the company’s email address to report malicious behavior and request a list of suspicious domains.
Reuters sent him the list three times without getting a full response.
The Internet Corporation for Assigned Names and Numbers, which oversees domain name registries, has said it has received a few complaints about Galcom over the years, but none of them related to malware.
Although malicious add-ons have been a problem for years, they are getting worse. Initially, these add-ons spread unwanted advertisements, but now they are more often used to install additional malware or to track users and what they are doing, spying on behalf of governments or companies.
Malware developers have long used Google Chrome as an outlet. After it became clear that about a tenth of the software submitted was malicious, Google said in 2018 that it would improve security through measures including human review.
However, in February, independent researcher Jamila Kaya and Cisco Systems’ Duo Security revealed a similar campaign through Chrome that had stolen data from about 1.7 million users. Google took part in the investigation and found 500 fraudulent add-ons.