Massive Spying Campaign Affects Google Chrome Users

Massive Spying Campaign Affects Google Chrome Users

Massive-Spying-Campaign

In February of this year, Google removed over 500 malicious plugins from the Chrome store which stole data from nearly 1.7 million users.

While the tech-giant announced they have since taken several steps to improve the browser’s privacy and security protections, it is evident that malicious Chrome extensions remain a persistent threat.

On June 18th, researchers discovered a massive spying campaign impacting Google Chrome.

Extensions downloaded over 32 million times were exploited in a massive surveillance campaign impacting a wide range of sectors including financial services, healthcare, and government organizations.

"We do regular sweeps to find extensions using similar techniques, code, and behaviors, and take down those extensions if they violate our policies," Google spokesperson Scott Westover said.

This is the most far-reaching attack on the Google Chrome store to date. Malicious actors have been exploiting the Chrome store over the last few years, and deceptive extensions only seem to be getting worse.

In 2018, 1 in 10 submissions were deemed "suspicious", according to Reuters. This prompted Google to provide better security in part by increasing human review of these applications.

At this time, it is unclear who was behind the attack.

Although Google has since removed the flagged browser extensions, you might ask, "How can I be confident this won't happen again?"

With that said, carrying out regular sweeps is simply not enough.

What Can a Browser Extension Do?

When you download a browser extension, it can:

  • Read your clipboard
  • Read your passwords by monitoring user keystrokes
  • Take screenshots of sensitive data
  • Harvest your password credentials
  • And much more

How Can MSPs and IT Security Teams Stay Protected?

By relying on Google, or any web browser provider for that matter, to improve privacy and security protections, you are putting your business at risk of a zero-day attack.

Malicious Chrome extensions bypass antivirus and other traditional endpoint security solutions. Therefore, you must stop them from running in the first place and implement a solution that protects you when they happen to be exploited.

Here is some more information on the danger of Chrome extensions.

If you want to learn more about protecting your organization from malicious browser extensions, schedule a one-on-one meeting with a ThreatLocker support specialist.


Leave a comment!

All fields marked with an asterisk* are required.