Chrome extensions let us expand the browser's functions beyond those it ships with, but we must be careful about which ones we install, since some of them can be malicious. The only way to install them is through the Chrome Web Store, which in theory should provide security because it is backed by Google. In practice, the developers of malicious extensions manage to make their extensions pass as legitimate in Google's eyes.
In this regard, Google was forced to remove more than 70 malicious extensions from the Chrome Web Store during the past month of May, after being alerted by security researchers at Awake Security following a new investigation.
These extensions, most of them free, had accumulated about 32 million downloads. They were presented mainly as tools that warn about malicious sites or convert between file formats, although in practice they were dedicated to leaking sensitive user data such as browsing history or access credentials for internal business tools.
According to the researchers, this is the most far-reaching malicious campaign in Chrome's history. Google was supposed to take action on this, as promised in 2018, since this is not the first time malicious extensions have been sneaked into the extension store. What's more, the researchers found that these extensions even carry false contact details, and they consider that the state of extensions is getting worse over time.
In fact, these extensions have been designed to go unnoticed by antivirus solutions.
As the researchers told Reuters, when a user connects from a personal computer and uses these tools, they are actually redirected to a series of malicious websites that obtain their information, while a user connecting from a corporate network will not reach these malicious websites that capture credentials, thanks to the security systems in place.
More than 15,000 domains were used for this campaign, all of them linked to each other and registered through the Israeli company Galcomm. The researchers point out that the registrar should have been aware of what was happening, although its head, Moshe Fogel, defends the company by stating that it is not involved in or complicit with the campaign, and that it even cooperates with law enforcement and security bodies to avoid as much damage as possible.