After reports surfaced detailing malicious activity, Google has removed over 70 add-ons from the Chrome Web Store, according to Reuters. These add-ons reportedly amassed at least 32 million downloads and had been detected by Awake Security, a renowned security firm. This signifies the tech industry's failure to protect browsers, which are increasingly used for sensitive tasks involving email, payroll, and other functions. Scott Westover, a spokesperson for the Mountain View firm, said:
“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.”
Most of the extensions purported to warn users of malicious activity on websites or convert files from one format to another. In actuality, these were used to illegally access browser history and credentials for internal business tools. The research firm believes that this was the biggest malicious Chrome store campaign to date.
It is not known who was behind the distribution of malware. The developers supplied bogus contact information when they submitted the extensions, Awake said. Alphabet was told about the add-ons last month and has since removed all of them from its store.
7 Comments - Add comment