Resurgence of a more dangerous spyware in Chrome Extension

June 28, 2020
google chrome extention spyware malware malicious script

Buzzing news from a threat intelligence firm released recently about Google Chrome browser crawling with Spyware that blends onto their browser extension. Speculations that these rupture in the Chrome extension targeted sectors ranging from financial, healthcare, and government organization. With almost 32 million recorded downloads of this fake extension, this is a report that cannot be ignored by the cyber community.

The threat intelligence firm confirmed on their report that the malicious extensions were found mainly to websites that the domain is registered through CommuniGal Communication Ltd. (GalComm). With its weak security measures, this opens the window for a grave threat to numbers of exposed networks. On its statistics report, they found almost 60% of the domains registered to GalComm, which is 15,160 out of 26,079 domains, are infected or have the Spyware embedded to it. These notable malicious or suspicious codes built of common and unusual reconnaissance malware. In the past few months, they were able to detect 111 fake extensions that were also active on Chrome Web Store as of May 2020.


What is new with the Spyware?

The reported Spyware has the feature to take screenshots of the user’s activity. These include and not limited to capturing credentials (username and password), reading clipboards, and stored cookies. As an added feature, this mentioned Spyware can bypass any multi-layered security imposed on a highly sophisticated cybersecurity application through ingenious command and control attributes.

Upon receiving the report from the security experts, Google, through its parent company Alphabet, had already made a mitigation action by running a thorough scan on its Official Chrome Web Store. As communicated, they were able to remove 70 malicious add-ons from the store. An official statement from Google says that they do not tolerate such acts, and Playstore will immediately remove anything found in violation of their policies from the store. Such a report will be used by their compliance team to enhance further their automated and manual malware/spyware website scanning protocol.

As for the registrar GalComm, they deny any knowledge towards the reported incident and dissent in affiliation to any malicious uploader. They are also firm on their statement that they are doing their best to protect their clients and businesses as they are much willing to cooperate with law enforcement and cybersecurity entities to stop such malicious acts.

About the author

Leave a Reply