A recent report from Reuters alleges that a newly discovered and massive spyware effort attacked users of the Google Chrome web browser through browser extensions downloaded 32 million times. According to security expert Ben Johnson, “Anything that gets you into somebody’s browser or email or other sensitive areas would be a target for national espionage as well as organized crime.”
Reuters reports that a newly discovered spyware attack targeted users of Google’s Chrome web browser via browser extensions which received 32 million downloads. Google stated that it removed more than 70 malicious extensions from its Chrome Web Store after researchers at Awake Security alerted them to the issue.
Google spokesman Scott Westover told Reuters: “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.”
Most of the extensions claimed that they would warn users about questionable websites or would convert files from one format to another. The extensions were actually transferring users’ browsing history and data that provided credentials for access to applications and websites.
Awake co-founder and chief data scientist Gary Golomb stated that based on the number of downloads alone, it was the most far-reaching malicious Chrome store campaign to date. Google declined to discuss how the latest spyware campaign compared with previous campaigns, the level of damage caused by the campaign, or why the infected extensions were not detected and removed from Chrome’s web store.
Former National Security Agency engineer Ben Johnson, who founded security companies Carbon Black and Obsidian Security, commented: “Anything that gets you into somebody’s browser or email or other sensitive areas would be a target for national espionage as well as organized crime.”
Read more at Reuters here.