Security News > 2020 > June > Google Yanks 106 ‘Malicious’ Chrome Extensions

Google removed 106 Chrome browser extensions Thursday from its Chrome Web Store in response to a report that they were being used to siphon sensitive user data.

The attackers used the Google Chrome browser extensions to not only steal data, but also to create persistent footholds on corporate networks.

While Google has long policed its Chrome Web Store for rogue browser extensions, what is unique about this malicious effort was that it was allegedly part of a coordinated and "Massive global surveillance campaign." Researchers also assert that the campaign was aided by the internet domain registrar CommuniGal Communication Ltd. Galcomm owner Moshe Fogel told the news agency Reuters that his company was unaware of the malicious activity and had done nothing wrong.

"In the past three months alone, we have harvested 111 malicious or fake Chrome extensions using GalComm domains for attacker command and control infrastructure and/or as loader pages for the extensions," researchers wrote.

Golomb said browser extensions are the "New malware," explaining that critical business applications like Microsoft 365, Google services, Salesforce and Zoom are browser dependent.

News URL

https://threatpost.com/google-yanks-106-malicious-chrome-extensions/156731/