Experts discovered Chrome largest spyware installation campaign

Chrome spyware installation campaign

Specialists from the company Awake Security reported about currently perhaps the largest spyware campaign for installing spyware in Google Chrome. As part of the campaign, criminals registered thousands of domains and used extensions in Chrome to install malware on victims’ devices.

Users installed spyware through 32,962,951 downloads of various malicious extensions.

“The Awake Security Threat Research Team has uncovered a massive global surveillance campaign exploiting the nature of Internet domain registration and browser capabilities to spy on and steal data from users across multiple geographies and industry segments. If anything, the severity of this threat is magnified by the fact that it is blatant and non-targeted — i.e. an equal opportunity spying effort”, — write Awake Security researchers.

Majority of free extensions are designed to warn users about suspicious web sites or convention of files from one format to another, however, in some cases, cybercriminals build in them additional functions to monitor user actions in the browser.

According to experts, the detected spyware installation campaign turned out to be the largest for Google Chrome in terms of the number of downloads.

Malware developers provided false contact information when they confirmed extensions to Google.

“After analyzing more than 100 networks across financial services, oil and gas, media and entertainment, healthcare and pharmaceuticals, retail, high-tech, higher education and government organizations, Awake discovered that the actors behind these activities have established a persistent foothold in almost every network”, — explained Awake Security specialists.

Experts have discovered more than 15 thousand malicious domains associated with each other, purchased from a small Galcomm registrar (also known as CommuniGal Communication Ltd) from Israel. According to Galcomm director Moshe Fogel, the company did not know anything about these malicious domains.

Researchers notified Google of their findings, and the company removed more than 70 malicious programs from the official Chrome Web Store.

Chrome spyware installation campaign
The intersection of malicious Chrome extensions and traditional malware

Also, according to the findings of Awake Security – the problem leads to serious questions about the fragility of the Internet.

Enterprise security teams would do well to recognize that rogue browser extensions pose a significant risk especially as more of our digital life is now conducted within the browser. Moreover, this threat is one that bypasses a number of traditional security mechanisms including endpoint security solutions, domain reputation engines, web proxies and cloud-based sandboxes.

As we can see, “shit happens” even in such a proud security environment as Google Chrome. However, recently we talked about a literal illustration of this saying – Shitcoin Wallet for Google Chrome steals cryptocurrency passwords and keys.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *