Google Chrome Extensions Found Spying On Users: A Serious Privacy Threat Uncovered!

Must Read

Net Worth Of Jeff Bezos Is More Than Combined Net Worth of India’s Top 10 Richest People!

Jeff Bezos and the phrase 'World's Richest Person' has become synonym to each other. But after the...

Search Engine Optimization In Digital Era: Look Beyond Traffic

Search engine optimization, aka SEO, plays a vital role in today's online world, especially if it's about...

The Sudden Rise In The Demand Of Refurbished Smartphones In India!

The new normal is changing the dynamics of the Indian smartphone industry. In the last two to...

Google Chrome, the dominant partaker which accounts for two-thirds of the web browser industry, has now detected a severe threat of spying on the user data by some of its approved and listed extensions.

Yes, Chrome is under the zoom light of the bad press now! It said to have removed over 70 of its authorised Chrome extensions from the Chrome Web Store last month. The extension applications are found to be malicious and were spying on the sensitive user data like personal communication files in Gmail application, payroll details kind of information through the browsing history of the user. 

This announcement of removing the extensions by Google poised a pressing risk among its massive userbase of 3 billion users. The users of the said malicious apps are clueless about what the malware would have spied on them. This incident marks the cybersecurity menaces that are thriving rightfully with the most trusted web browser itself.

Advertisements

It is good to know that this was found out at least by now by the research team of Awake Security. But unfortunately, by now these newly found spying malwares were attacking 32 million users across the globe who directly downloaded the extension from the official Google Chrome Web Store. The researchers here accentuate the tech giant Google’s fragile protection at its browser application. 

If we dig deep into the issue of how these malware applications are scavenging the user’s data, it is found that, when a user was online and browsing, simultaneously a series of websites are connected through the active extensions in the browser. These websites then take up the role of transferring the user’s browsing data to the malicious source as per the findings of the researchers.

When asked about the recent scrutiny in the extension application in Chrome browser, Google spokesman Scott Westover told the reporters that, 

“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.”

Usually, this kind of malware applications would ask users about the performance of the website or convert files from one format to the other. But this attack was novel. Here, without any disgusting questions, the so-called spyware was pipelining all of the browsing data parallelly to its malicious source where it could be manipulated in the internal data analysis tools.

This attack was also quoted as the far-reaching Chrome web store campaign to date based on the density of the downloads across the web as according to the Awake co-founder and chief scientist Gary Golomb. He also mentioned that these spyware extensions were formulated such that it can avoid detections by any of the existing antivirus or security software that verifies the online reputation of the domain authority. So only home computer users are severely affected, those using a corporate network with security software enabled are protected from this attack. Here Golomb stresses the point how the attackers are employing simple techniques to evade the user data with thousands of vicious domains.

Advertisements

Google is refusing to address this spyware incident, and why does it not found it before of its own. It still looks shady of how this malware extension infiltrated into Google’s secure platform. Researchers suggest that it could be the developers of the malicious applications who might have submitted the fake details to the mighty tech giant.

National Security Agency Engineer Ben Johnson, who is also the founder of the cybersecurity companies Carbon Black and Obsidian Security denoted that any information that was scooped off from the user’s browser, email or the sensitive essential application, it is considered to be the victim of national spying and comes under organised crime.

And those thousands of malicious domains are interlinked to more than 15000 domains, bought under a small registrar in Israel called Galcomm, which was known previously as CommuniGal Communication Ltd.

Awake points out Galcomm might have known about this spyware attacks. But in an email statement, Galcomm owner Moshe Fogel slumped all the allegations over his company and told the reporters that the company is open to cooperate with the law enforcement authorities to stave off such attacks.

Fogel also didn’t respond to the curated list of suspected domains that was sent by the reporters upon his request to inspect over the issue. Moreover, he also stresses the point that there was no record of inquiries of Golomb to the company’s email dealing with the ongoing pressing issue. The Internet Corp for Assigned Names and Numbers which supervises domain registrars said there were no complaints by Galcomm about a malware.

Recently in February, a similar chrome data breach incident found to have stolen data of over 1.7 million Chrome users. Where at that time, Google shunned off about 500 fraudulent extensions. This was discovered by the independent researcher Jamila Kaya and Cisco Systems’ Duo Security.

The numbers of deceitful extensions and malicious developers grow more massive year by year. But the tech giant assured it’s users that it will do regular security checks on its extensions based on behaviour, code and methodologies.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Global 5G Chipset Market: $22.41 Billion By 2026, Driven by 5G Smartphones

As the world has started shifting from 4G to 5G era, the global 5G chipset market has...

Launch Of JioMeet Will Make Zoom To Be The 60th Chinese App To Get Banned In India?

Today as soon as the launch of JioMeet was formally announced by Mukesh Ambani, the frontman of Reliance Industries, people quickly found...

Intel Invest in Jio Platforms: A Chance For Redemption In The Smartphone Market?

If you thought Mukesh Ambani was finally going to stop the stake selling spree in Jio Platforms after RIL was recently announced...

With The Launch of JioMeet Reliance Sets Its Eyes On Video Conferencing Market!

The race to dominate the video conferencing market has just become more interesting. As we are going through the...

Facebook To Shutdown Lasso, The TikTok Competitor: A Well Calculated Move?

By now almost everyone is aware of how Facebook Inc. (NASDAQ:FB) always attempts to copy every other popular app that tries to...

Net Worth Of Jeff Bezos Is More Than Combined Net Worth of India’s Top 10 Richest People!

Jeff Bezos and the phrase 'World's Richest Person' has become synonym to each other. But after the latest jump in the net...

In-Depth: Dprime

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

Fantastic 4: Four Day Work Week A Flashpoint Of Innovation?

It has been an idea that has been mooted by many, perhaps also somewhat sceptically. From being a dark horse to becoming...

TikTok Is Facing The Wrath Of People Who Love It The Most

Ever since the popular social media app TikTok entered India, it has been growing very aggressively in terms of users. Within a...

More Articles Like This