Google Chrome Extensions Found Spying On Users: A Serious Privacy Threat Uncovered!

Must Read

End Of Free Ride For Ola And Uber: GOI Sets New Rules For Cab Aggregators!

For long Ola and Uber have been enjoying the free ride on charging surge price from customers...

Google Pay Fee On Instant Transfer: An Indication Of Google’s Aggressive Monetisation Strategy?

Google has decided to levy fee on instant payment, starting from the US market.

Facebook’s Past Comes Back To Bite As South Korea Fines Them For 2018 Scandal

The social media behemoth Facebook Inc. (NASDAQ:FB) has once again proved they are the true arch-nemesis of...

Google Chrome, the dominant partaker which accounts for two-thirds of the web browser industry, has now detected a severe threat of spying on the user data by some of its approved and listed extensions.

Yes, Chrome is under the zoom light of the bad press now! It said to have removed over 70 of its authorised Chrome extensions from the Chrome Web Store last month. The extension applications are found to be malicious and were spying on the sensitive user data like personal communication files in Gmail application, payroll details kind of information through the browsing history of the user. 

This announcement of removing the extensions by Google poised a pressing risk among its massive userbase of 3 billion users. The users of the said malicious apps are clueless about what the malware would have spied on them. This incident marks the cybersecurity menaces that are thriving rightfully with the most trusted web browser itself.

Advertisements

It is good to know that this was found out at least by now by the research team of Awake Security. But unfortunately, by now these newly found spying malwares were attacking 32 million users across the globe who directly downloaded the extension from the official Google Chrome Web Store. The researchers here accentuate the tech giant Google’s fragile protection at its browser application. 

If we dig deep into the issue of how these malware applications are scavenging the user’s data, it is found that, when a user was online and browsing, simultaneously a series of websites are connected through the active extensions in the browser. These websites then take up the role of transferring the user’s browsing data to the malicious source as per the findings of the researchers.

When asked about the recent scrutiny in the extension application in Chrome browser, Google spokesman Scott Westover told the reporters that, 

“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.”

Usually, this kind of malware applications would ask users about the performance of the website or convert files from one format to the other. But this attack was novel. Here, without any disgusting questions, the so-called spyware was pipelining all of the browsing data parallelly to its malicious source where it could be manipulated in the internal data analysis tools.

This attack was also quoted as the far-reaching Chrome web store campaign to date based on the density of the downloads across the web as according to the Awake co-founder and chief scientist Gary Golomb. He also mentioned that these spyware extensions were formulated such that it can avoid detections by any of the existing antivirus or security software that verifies the online reputation of the domain authority. So only home computer users are severely affected, those using a corporate network with security software enabled are protected from this attack. Here Golomb stresses the point how the attackers are employing simple techniques to evade the user data with thousands of vicious domains.

Advertisements

Google is refusing to address this spyware incident, and why does it not found it before of its own. It still looks shady of how this malware extension infiltrated into Google’s secure platform. Researchers suggest that it could be the developers of the malicious applications who might have submitted the fake details to the mighty tech giant.

National Security Agency Engineer Ben Johnson, who is also the founder of the cybersecurity companies Carbon Black and Obsidian Security denoted that any information that was scooped off from the user’s browser, email or the sensitive essential application, it is considered to be the victim of national spying and comes under organised crime.

And those thousands of malicious domains are interlinked to more than 15000 domains, bought under a small registrar in Israel called Galcomm, which was known previously as CommuniGal Communication Ltd.

Awake points out Galcomm might have known about this spyware attacks. But in an email statement, Galcomm owner Moshe Fogel slumped all the allegations over his company and told the reporters that the company is open to cooperate with the law enforcement authorities to stave off such attacks.

Fogel also didn’t respond to the curated list of suspected domains that was sent by the reporters upon his request to inspect over the issue. Moreover, he also stresses the point that there was no record of inquiries of Golomb to the company’s email dealing with the ongoing pressing issue. The Internet Corp for Assigned Names and Numbers which supervises domain registrars said there were no complaints by Galcomm about a malware.

Recently in February, a similar chrome data breach incident found to have stolen data of over 1.7 million Chrome users. Where at that time, Google shunned off about 500 fraudulent extensions. This was discovered by the independent researcher Jamila Kaya and Cisco Systems’ Duo Security.

The numbers of deceitful extensions and malicious developers grow more massive year by year. But the tech giant assured it’s users that it will do regular security checks on its extensions based on behaviour, code and methodologies.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Apple Mac Devices Are Being Affected By A New Malware Meant To Spy And Steal Information

If you are a Macbook user, then beware! There’s a new form of malware doing rounds on...

Decoding Slack Acquisition: A Move To Give Microsoft Taste Of Their Own Medicine?

The acquisition of Slack has left many surprised. The popular workplace messaging app Slack recently sold its business to...

The Launch of ATT Feature Will Make Apple-Facebook Privacy Feud Nasty

Apple's firm stand has itched Facebook's co-founder Mark Zuckerberg. Much of today's internet usage has become heavily...

OYO, Pandemic and Future: CEO Agarwal Makes Big Claims

If there is one sector at which the pandemic really took a swing, it is the hospitality industry. But that's not the...

UPI Transactions To Cross Record 6.5 Billion In Q4 2020

The number of UPI transactions has crossed 2 billion mark in a second consecutive month. With that, it's clear that the number...

Facebook Acquires Kustomer: Social Commerce Is The Next Big Thing, For Sure!

In a bid to strengthen its social commerce’ arm, Facebook has recently paid top dollar for their recent acquisition.

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

More Articles Like This