Security News > 2020 > June > Tens of Malicious Chrome Extensions Used in Global Surveillance Campaign
Malicious Chrome extensions employed in a massive global surveillance campaign have been downloaded by millions before removal, Awake Security reveals.
Over the past three months, Awake identified 111 malicious or fake Chrome extensions that used GalComm domains for attacker command and control infrastructure and/or as loader pages.
The security firm published TSV lists of IDs for these malicious Chrome extensions.
In some cases, users were tricked into installing the malicious extensions from professional-looking websites, others were downloaded by previously installed adware, while some were added multiple times to the Chrome Web Store, with only a few variations.
Some of the malicious extensions would completely bypass the Chrome Web Store, through a self-contained Chromium package included in other extensions, which tricks users into defaulting to a new rogue browser when prompted at first run.