Security News > 2020 > June > Google Yanks 106 ‘Malicious’ Chrome Extensions

Google removed 106 Chrome browser extensions Thursday from its Chrome Web Store in response to a report that they were being used to siphon sensitive user data.
The attackers used the Google Chrome browser extensions to not only steal data, but also to create persistent footholds on corporate networks.
While Google has long policed its Chrome Web Store for rogue browser extensions, what is unique about this malicious effort was that it was allegedly part of a coordinated and "Massive global surveillance campaign." Researchers also assert that the campaign was aided by the internet domain registrar CommuniGal Communication Ltd. Galcomm owner Moshe Fogel told the news agency Reuters that his company was unaware of the malicious activity and had done nothing wrong.
"In the past three months alone, we have harvested 111 malicious or fake Chrome extensions using GalComm domains for attacker command and control infrastructure and/or as loader pages for the extensions," researchers wrote.
Golomb said browser extensions are the "New malware," explaining that critical business applications like Microsoft 365, Google services, Salesforce and Zoom are browser dependent.
News URL
https://threatpost.com/google-yanks-106-malicious-chrome-extensions/156731/
Related news
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)