It was found that personal information was stolen by multiple extensions of Google Chrome, the total number of DLs of the relevant extensions is 33 million times
Among the extensions for Google Chrome that were published in the Chrome Web Store, there are many malwares that take screenshots, get clipboard contents, get tokens saved in cookies, etc., grasp keystrokes, etc. That's what security company Awake Security reports.
The Internet's New Arms Dealers: Malicious Domain Registrars | Awake Security
Exclusive: Massive spying on users of Google's Chrome shows new security weakness-Reuters
Chrome extensions with 33 million downloads slurped sensitive user data | Ars Technica
https://arstechnica.com/information-technology/2020/06/chrome-extensions-with-33-million-downloads-slurped-sensitive-user-data/
There have been multiple cases of cases where 'Chrome extensions were stealing personal information', and in February 2020, 500 extensions were deleted from the Chrome Web Store.
It turned out that 500 Chrome extensions stole personal information, more than 1.7 million victims-GIGAZINE
According to Awake Security, 111 extensions were found to be stealing information this time. The total number of downloads for the extension has reached 33 million, and it has been removed from the Chrome Web Store by Google, which has been reported, but the number of victims may be more than 1.7 million in February.
These extensions have been confirmed to communicate with over 15,000 suspicious domains registered through the Israeli hosting company GalComm. It also confirmed that these domains are being used to host both traditional malware and browser-based monitoring tools.
In an interview with Reuters, GalComm's Moshe Fogel argued that it was unrelated to malware and said it was working with law enforcement and security agencies.
Related Posts: