It was found that personal information was stolen by multiple extensions of Google Chrome, the total number of DLs of the relevant extensions is 33 million times



Among the extensions for Google Chrome that were published in the Chrome Web Store, there are many malwares that take screenshots, get clipboard contents, get tokens saved in cookies, etc., grasp keystrokes, etc. That's what security company Awake Security reports.

The Internet's New Arms Dealers: Malicious Domain Registrars | Awake Security

https://awakesecurity.com/white-papers/the-internets-new-arms-dealers-malicious-domain-registrars/



Exclusive: Massive spying on users of Google's Chrome shows new security weakness-Reuters

https://www.reuters.com/article/us-alphabet-google-chrome-exclusive/exclusive-massive-spying-on-users-of-googles-chrome-shows-new-security-weakness-idUSKBN23P0JO

Chrome extensions with 33 million downloads slurped sensitive user data | Ars Technica
https://arstechnica.com/information-technology/2020/06/chrome-extensions-with-33-million-downloads-slurped-sensitive-user-data/

There have been multiple cases of cases where 'Chrome extensions were stealing personal information', and in February 2020, 500 extensions were deleted from the Chrome Web Store.

It turned out that 500 Chrome extensions stole personal information, more than 1.7 million victims-GIGAZINE



According to Awake Security, 111 extensions were found to be stealing information this time. The total number of downloads for the extension has reached 33 million, and it has been removed from the Chrome Web Store by Google, which has been reported, but the number of victims may be more than 1.7 million in February.

These extensions have been confirmed to communicate with over 15,000 suspicious domains registered through the Israeli hosting company GalComm. It also confirmed that these domains are being used to host both traditional malware and browser-based monitoring tools.

In an interview with Reuters, GalComm's Moshe Fogel argued that it was unrelated to malware and said it was working with law enforcement and security agencies.

in Software,   Security, Posted by logc_nt