Science, Technology, and Social MediaUS News

Massive Plot Stole Data From Google Users Who Downloaded Free Add-Ons To Chrome Web Browsers: Report

https://dailycaller.com/

A massive spyware effort targeted users of Google’s Chrome web browser extensions downloaded tens of millions of times, Reuters reported Thursday.

The people responsible for the spyware attacked users through 32 million downloads of extensions to Google’s web browser, and collected browsing history and other user data, researchers at Awake Security told Reuters. Google removed more than 70 malicious extensions after researchers alerted the company of the attack in May, the company said.

“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” Google spokesman Scott Westover told Reuters.

The free extensions, which were add-ons that allowed users to customize their web browser, collected users’ browsing history and data that provided credentials for access to certain tools despite purporting to warn users about questionable websites, Reuters reported.

“We’ve announced technical changes that will further strengthen the privacy of Chrome extensions and new policies that improve user privacy,” Westover said in a statement provided to the Daily Caller News Foundation.

Westover said Google has a process to detect and remove malicious extensions with spyware, including taking extensions through an “automated review process.” Some extensions go through manual review as well, Westover said, but did not elaborate on how the malicious extensions Awake Security discovered were missed.

The company did not discuss the extent of the breach, nor did it lay out how many extensions were compromised.

The developers behind the ruse gave fake contact information when they submitted the extensions, effectively concealing those responsible, Awake told Reuters.

“This shows how attackers can use extremely simple methods to hide, in this case, thousands of malicious domains,” Golomb said. All of the domains were purchased from a registrar in Israel called Galcomm, according to Awake. The roughly 15,000 domains were linked to each other.

Galcomm owner Moshe Fogel denied taking part in the malicious activity. “Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” he wrote in an email to Reuters. “You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can.”

Reports of the spyware activity came after The Wall Street Journal reported on June 4 that Chinese and Iranian hackers were targeting staff working for the presidential campaign teams of former Vice President Joe Biden and President Donald Trump.

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org

Support Conservative Daily News with a small donation via Paypal or credit card that will go towards supporting the news and commentary you've come to appreciate.

Related Articles

3 Comments

  1. Seriously …
    who is so short in the brain dept that they would trust the world biggest milker and spreader of personal private data, to produce a secure and personal privacy protecting Browser.

    Use Firefox with the privacy add-ons needed to better secure it.
    Or better yet TOR by the EFF group.

  2. ……..and where is the list of free extensions that were downloaded for Chrome browser ???????????

  3. …..and WHERE is the list of free Chrome browser extensions that are malicious ???

Back to top button