Security research firm Awake released a report today revealing that it had discovered 111 malicious Chrome extensions, most found in the Chrome Web Store, that had been downloaded nearly 33 million times (via TechRadar).

Google Chrome vs. Microsoft Edge: Which browser is best?Best Chrome extensions for productivity in 2020Windows 10 update wrecks browsers: What to do now

The 79 extensions that were available in the Chrome Web Store have since been removed after Awake brought them to Google’s attention. The extensions were naturally disguised as a variety of things, including, rather ironically, extensions to flag dangerous websites or simple tools like file converters.  The extensions were capable of installing malware, taking screenshots of the users’ devices without their knowledge, gathering user input, and more. The data was all being sent to domains (over 15,000) that had been purchased through a registrar named GalComm, which denies any knowledge of the activity.  Due to the high percentage of the company’s domains associated with the crime (some 60%), the security researchers at Awake indicated that “GalComm is at best complicit in malicious activity.” There were 32 other Chrome extensions identified by Awake that were not in the Chrome Web Store. Instead, these depended on installing the open-source Chromium browser when they were downloaded so they could run without going through Google’s approval process.  In an interview with Reuters, Google spokesman Scott Westover indicated that “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.”  Hopefully, this should help eliminate, or at least reduce, similar attempts in the future.

What should you do?

Other than using this as motivation to review the Chrome extensions you have installed on your machine, this should serve as a reminder to pay careful attention to the permissions that an extension asks for. Some of the extensions found in the Chrome Web Store could signal red flags depending on the stated purpose of the extension. It also should drive home that most users shouldn’t install Chrome extensions from outside of the Chrome Web Store. While Google’s security measures failed to protect some 33 million users in this case, it had nonetheless reduced your exposure to potential malware and spyware versus extensions found on the open web. 

Chrome extensions were used to steal data from millions of users What to do - 97Chrome extensions were used to steal data from millions of users What to do - 3Chrome extensions were used to steal data from millions of users What to do - 84Chrome extensions were used to steal data from millions of users What to do - 79Chrome extensions were used to steal data from millions of users What to do - 68Chrome extensions were used to steal data from millions of users What to do - 40Chrome extensions were used to steal data from millions of users What to do - 59