Chrome users made 32 million downloads of fraudulent browser extensions

Tomcat

Users have recently made 32 million downloads of fraudulent extensions for the market-leading Google Chrome browser, Reuters reports, citing a study by Awake Security, a platform for detecting cyber attacks against organizations. The researchers highlighted the technology industry's failure to protect browsers, which are increasingly used for email, payments, and other sensitive functions.

Alphabet Inc's (GOOGL.O) Google said it had removed more than 70 malicious add-ons from the official Chrome Web Store after researchers warned the corporation last month. “When we are alerted to web store extensions that violate our policies, we take action and train on these incidents to improve our automated and manual analysis,” said Google spokesman Scott Westover.

Most free extensions warn users about questionable websites or convert files from one format to another. The new rogue extensions siphoned off browser history and data that exposed accounts used to access internal business tools.

According to Gary Golomb, co-founder and chief scientist of Awake Security, it was the largest malicious campaign in the Chrome store to date, judging by the number of downloads.

Google has declined to compare the latest spyware with previous campaigns and to discuss the extent of the damage or why it did not find and remove bad extensions on its own, despite past promises to monitor store offerings more closely.

It is unclear who was behind the attempt to distribute the malware. Awake Security believes the developers gave fake contact information when they submitted the extensions to Google.

"Anything that enters someone's browser, email, or other sensitive areas will be targeted by national espionage or organized crime," said former NSA engineer Ben Johnson, who founded security companies Carbon Black and Obsidian Security.

The extensions were designed to avoid detection by antivirus products and by security software that assesses the reputation of domains, Golomb said. If someone used the browser to surf the Internet on a home computer, the extensions would connect to a number of websites and transmit information, the researchers found. For anyone using a corporate network that includes security services, the extensions would not transmit confidential information or even access the malicious versions of the sites.

“This shows how attackers can use extremely simple techniques to hide, in this case, thousands of malicious domains,” concluded Golomb.

Following the publication of this story, Awake Security released its research, including a list of domains and extensions.

All of the domains in question and those related to them (more than 15 thousand in total) were purchased from Galcomm, a small Israeli registrar officially known as CommuniGal Communication Ltd.

Awake Security believes Galcomm should have known what was going on. Galcomm owner Moshe Vogel told Reuters his company had done nothing wrong. “Galcomm is neither involved nor involved in any malicious activity. The opposite can be said: we are working with law enforcement and security agencies to prevent this as much as we can,” wrote Vogel.

Vogel also asked for a list of the suspicious domains and said the company had no emails containing the abuse requests that Golomb sent in April and re-sent in May. After publication, Vogel stated that most of these domain names were inactive and that he would continue to study the rest.

The Internet Corp for Assigned Names and Numbers, which oversees registrars, said it had received a number of complaints about Galcomm over the years, but none of them were about malware.

Fraudulent extensions have been a problem for years, and the problem is getting worse. At first they spat out unwanted advertisements, but now they are more likely to install additional malware or to track where users are and what they are doing on behalf of government or commercial spies.

Malware developers have long been using the Google Chrome Store as a communication channel. When one in ten submissions was found to be malicious, Google said it would improve security in 2018, in part due to an increase in user reviews.

But in February, independent researcher Jamila Kaya and Cisco Systems' Duo Security discovered a similar campaign in Chrome that stole data from an estimated 1.7 million users. Google joined the investigation and found 500 fraudulent extensions.

“We do regular clean-ups looking for extensions that use similar techniques, code and behavior,” said Google's Westover, using the same language Google used after the Duo Security report.
 