The Awake Security Threat Research Team has uncovered a global surveillance campaign that uses spyware embedded in extensions available on the Google Chrome Web Store.

Before the discovery, these malicious extensions had garnered nearly 33 million downloads worldwide. The research team also discovered that most of the domains were hosted by the Israel-based registrar Galcomm.

The malicious extensions bypassed multiple layers of security controls, including the cybersecurity measures put in place by organizations with advanced systems. They stayed hidden and harvested data such as screenshots, credential tokens, clipboard data, and user keystrokes.



The Awake Security team reached out to Google, and both companies have been working together to identify and remove these malicious add-ons. As of the time of filing this report, over 70 such malicious extensions have been removed from the Google Chrome Web Store. However, Google has decided not to comment on the issue.

When contacted, Galcomm owner Moshe Fogel said the registrar has no involvement in this massive spyware campaign. He added that, on the contrary, Galcomm “cooperates with law enforcement and security bodies to prevent as much as we can.”

Neither Google nor the security research team that discovered the campaign has released figures on the number of end users who may have been affected by this security issue. The names of the malicious extensions are listed in the full report.
