Google Chrome

Have Malicious Chrome Extensions Stolen Your Data?

Do you use Google Chrome extensions?  If so, it looks like now is the time to start changing your passwords.

Awake Security, a well-known cyber security firm, found over 100 malicious Chrome extensions that were downloaded over 32 million times, and that were able to actually spy on the users of the extensions.  They were able to screenshot what the users were doing, enabling them to steal usernames and passwords… In real time!  These include fake and malicious extensions for a plethora of industries from financial to medical to municipal.

If you don’t know what extensions are, they can really come in handy.  They’re almost like little shortcuts that can allow a user to spell check their online session, or watch a Netflix show with your loved ones.

Which makes this new report feel even more ominous.  Because something that can be used for good is being exploited.  But as we have said before, even in these troubling times, hackers have no shame.

Google’s Response

To Google’s defense, they have responded valiantly.  They have already removed all of the extensions that Awake tested, and they publicly thanked the company for finding malicious extensions.

But this is not their first rodeo.  In fact, just in February of this year (can anyone remember life before quarantine?), Google Chrome extensions were used in a rash of cyber attacks.  Due to these attacks, Google decided to implement additional security measures by disabling the accounts of any developers who had violated the policies and by flagging any suspicious activities.

It appears that hasn’t been enough.

Fortunately, Awake has been able to identify a likely culprit; all of the extensions that were spying on users were in some way associated with the Israeli web hosting company, Galcomm, who manages a quarter-of-a-million domains.  Fifteen thousand of which, according to Awake, appear to be suspicious, if not down-right malicious.

Galcomm, for their part, has not accepted responsibility, and has refused to comment on it.

What can you do?

You definitely want to limit the number of extensions that you utilize.  If you feel you HAVE to have it, do your research and make sure that the extension is ACTUALLY FROM a reputable company.
If you are worried you might have been the victim of a malicious extension spying campaign, you will want to change the passwords to any site that might have sensitive information, because your login credentials will most likely be sold on the black market.  And if you are like so many other folks, you probably use the same password repeatedly.
If you work from home, especially right now, you really want to make sure that you aren’t compromised.  Which is why we created our FREE Remote Security Checklist.  We strongly urge you to implement the security controls in our checklist to help create extra added layers of security to your home office. While that will definitely help, if you feel you need even more cyber security for your work or home office, you can always give us a call at 919-422-2607, or schedule a free consultation with Craig by clicking here.
And please, stay safe out there.

Leave a Comment

Your email address will not be published. Required fields are marked *