Security News > 2020 > June > Google Yanks 106 ‘Malicious’ Chrome Extensions
Google removed 106 Chrome browser extensions Thursday from its Chrome Web Store in response to a report that they were being used to siphon sensitive user data.
The attackers used the Google Chrome browser extensions to not only steal data, but also to create persistent footholds on corporate networks.
While Google has long policed its Chrome Web Store for rogue browser extensions, what is unique about this malicious effort was that it was allegedly part of a coordinated and "Massive global surveillance campaign." Researchers also assert that the campaign was aided by the internet domain registrar CommuniGal Communication Ltd. Galcomm owner Moshe Fogel told the news agency Reuters that his company was unaware of the malicious activity and had done nothing wrong.
"In the past three months alone, we have harvested 111 malicious or fake Chrome extensions using GalComm domains for attacker command and control infrastructure and/or as loader pages for the extensions," researchers wrote.
Golomb said browser extensions are the "New malware," explaining that critical business applications like Microsoft 365, Google services, Salesforce and Zoom are browser dependent.
News URL
https://threatpost.com/google-yanks-106-malicious-chrome-extensions/156731/
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)
- Google Chrome gets a mind of its own for some security fixes (source)
- Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (source)
- Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature (source)
- New Google Chrome feature will translate complex pages in real time (source)