Reuters exclusively reports that researchers at Awake Security discovered the newest spyware effort within Google Chrome that attacked users through extensions provided on the Chrome Web Store.
The extensions were downloaded around 32 million times and were mostly add-ons that warned users on sites that may danger their privacy or addons that converted files from one format to another. Instead of doing what they’re advertised to do, they instead accessed user browsing history and user login credentials.
Google said after it was altered last month it quickly took down more than 70 add-ons from the store. Gary Golomb, the co-founder of Awake Security says given the number of downloads of the extensions, this is one of the widespread security loopholes to date for Google Chrome.
Google claims that it does check extensions prior to adding them onto the store, however, it declined to comment on why these addons made it past the normal security measures. It also remains unclear whether this was a coordinated attack by a specific group to distribute the malware.
“Anything that gets you into somebody’s browser or email or other sensitive areas would be a target for national espionage as well as organized crime,” said former National Security Agency engineer Ben Johnson, who founded security companies Carbon Black and Obsidian Security.
The add-ons were designed to sneak around typical virus software, and when used it would connect to other websites to transmit information. The 15,000 websites that were connected were owned by Galcomm, a registrar company in Israel. Golomb says that the company should have known what was going on but failed to attack.
The owner of the company Moshe Fogel told Reuters that Galcomm was not involved in the malicious activity and that blame should not be placed on it.
“Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” Fogel wrote. “You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can.”
This isn’t the first time Google’s ss Web Chrome store has gotten attacked. In 2018 following a lesser widespread spyware effort Google said it would improve web security by increasing the efforts made by human reviewers on extensions.