As per Awake Security, a huge campaign in Chrome Web Store containing 111 malicious extensions, were collecting sensitive information about users. All those extensions were submitted to Chrome Web Store through fake domains, all registered at one registrar called GalComm. Awake also says the author behind all these campaigns is one, and haven’t been identified yet.
Awake Security has reported about 111 malicious extensions in Chrome Web Store, that are collecting user data in the form of cookies, keystrokes, clipboard content etc. All these without being flagged since so long. And after reporting to Google last month, Google has removed 106 extensions to date, and just 5 remain live in the store as of now. Yet, all these extensions were downloaded approximately 33 million times!
When analysed, all these extensions are tracked to relate to 15,160 malicious domains, which, all were registered by one domain registrar called GalComm! While the head of this Israeli registrar denied awareness about wrongdoings, it further affirmed that it would even help law enforcement agencies to curb such activities. ICANN too has responded that GalComm was previously reported by some people, but never for fraudulent domains.
Yet, it’s the common point for all 111 domains. All the extensions too had the same version number and they were listed more specifically in Awake’s report titled as “The Internet’s New Arms Dealers: Malicious Domain Registrars“. Users can check whether they have installed any of these extensions from chrome://extensions, and remove them. All these extensions claim to be serving better web speeds, image file transformations etc.
Well, Google has already taken down 106 of these extensions and 5 are still live at this time. These were labelled as Malware in the Chrome Web Store and blocked. But the internal checking shows that many of these malicious extensions were used by oil and gas, media and entertainment, financial services, retail, high-tech, healthcare and pharmaceuticals, higher education and government organisations!
Via: ZDNet