
Google Chrome Security Breach: 33 Million Downloads Of Spyware

Researchers at Awake Security have uncovered a mass spyware effort that attacked users through some 32.96 million downloads of extensions for Google’s Chrome web browser to date, potentially exposing sensitive information.

Awake Security Co-Founder and Chief Scientist Gary Golomb told Reuters that this breach is the most far-reaching malicious Google Chrome store campaign ever, given the massive number of downloads.

The cybersecurity firm analysed over 100 networks across a number of sectors and found that the actors behind these activities had established a foothold in almost every network.

Since Awake Security alerted Google to the cybersecurity weakness last month, the tech giant has removed over 70 malicious add-ons from its official Chrome Web Store.

Google spokesman Scott Westover told Reuters: “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.”

However, Google declined to comment on the breadth of damage that this latest spyware caused, and why it failed to detect the bad extensions prior to Awake Security’s warnings.

Example of a lure to install a malicious Chrome extension (Source: Awake Security)

Most of the spyware extensions were free, and promised to warn users about dodgy sites, or help users convert files from one format to another. In reality, they gathered browsing history and data that provided credentials for access to internal business tools.

A list of IDs and names for these malicious Chrome extensions can be found here.

“Enterprise security teams would do well to recognise that rogue browser extensions pose a significant risk, especially as more of our digital life is now conducted within the browser,” Awake Security said. “Moreover, this threat is one that bypasses a number of traditional security mechanisms including endpoint security solutions, domain reputation engines, web proxies and cloud-based sandboxes.”


