Google Chrome, the dominant player that accounts for two-thirds of the web browser market, has now detected a severe threat: some of its approved and listed extensions were spying on user data.
Yes, Chrome is in the spotlight of bad press now! It is said to have removed over 70 of its authorised Chrome extensions from the Chrome Web Store last month. The extensions were found to be malicious and were spying on sensitive user data, such as personal communication files in Gmail and information like payroll details, through the user's browsing history.
Google's announcement that it had removed the extensions posed a pressing risk to its massive userbase of 3 billion users. Users of the malicious apps have no idea what the malware may have collected about them. The incident shows that cybersecurity threats are thriving right inside the most trusted web browser itself.
It is good that the research team at Awake Security has at least found this out now. Unfortunately, by now the newly found spyware had been attacking 32 million users across the globe who downloaded the extensions directly from the official Google Chrome Web Store. The researchers emphasise how fragile the tech giant Google's protection of its browser is.
Digging into how these malicious extensions scavenge user data, the researchers found that while a user was online and browsing, the active extensions in the browser simultaneously connected to a series of websites. According to the researchers' findings, these websites then took on the role of transferring the user's browsing data to the malicious source.
When asked about the recent scrutiny in the extension application in Chrome browser, Google spokesman Scott Westover told the reporters that,
Usually, malicious applications of this kind would ask users about the performance of a website or convert files from one format to another. But this attack was novel. Here, without asking the user anything, the so-called spyware was piping all of the browsing data in parallel to its malicious source, where it could be manipulated in internal data analysis tools.
According to Awake co-founder and chief scientist Gary Golomb, this attack was the most far-reaching Chrome Web Store campaign to date, based on the number of downloads across the web. He also mentioned that these spyware extensions were designed to avoid detection by any existing antivirus or security software that checks the online reputation of a domain. So only home computer users are severely affected; those using a corporate network with security software enabled are protected from this attack. Here Golomb stresses how the attackers are employing simple techniques to get at user data using thousands of malicious domains.
Google is refusing to address this spyware incident or to say why it did not find the extensions on its own. It remains unclear how these malicious extensions infiltrated Google's secure platform. Researchers suggest that the developers of the malicious applications might have submitted fake details to the tech giant.
National Security Agency engineer Ben Johnson, who is also the founder of the cybersecurity companies Carbon Black and Obsidian Security, said that any information scooped from a user's browser, email or other sensitive, essential applications is treated as a case of national spying and comes under organised crime.
Those thousands of malicious domains are linked to more than 15,000 domains purchased through a small registrar in Israel called Galcomm, previously known as CommuniGal Communication Ltd.
Awake points out that Galcomm might have known about these spyware attacks. But in an email statement, Galcomm owner Moshe Fogel rejected all the allegations against his company and told reporters that the company is open to cooperating with law enforcement authorities to stave off such attacks.
Fogel also did not respond to the curated list of suspected domains that reporters sent him, at his request, so that he could look into the issue. Moreover, he stressed that there was no record of inquiries from Golomb to the company's email address that handles such issues. The Internet Corp for Assigned Names and Numbers, which supervises domain registrars, said there were no complaints by Galcomm about malware.
Recently, in February, a similar Chrome data breach incident was found to have stolen the data of over 1.7 million Chrome users. At that time, Google removed about 500 fraudulent extensions. This was discovered by the independent researcher Jamila Kaya and Cisco Systems' Duo Security.
The number of deceitful extensions and malicious developers grows larger year by year. But the tech giant has assured its users that it will carry out regular security checks on its extensions based on behaviour, code and methodologies.