Google has made another sweep across the extensions offered on the Chrome Web Store, removing 106 plugins from the official browser repository. They are no longer available for download and installation by end users, as they have been confirmed to contain malicious code.
Chrome Web Store Has Had 106 Malware Extensions Removed By Google
A total of 106 extensions were removed from the Chrome Web Store following a standard audit by Google. The company has a policy of regularly inspecting plugins for malicious code using manual and automated methods. The removals followed security reports submitted to the company (by individuals or companies) stating that these extensions included intrusive information-gathering modules. According to the available data, the extensions were in fact data hijackers that collected personal information about their users.
Beyond the standard data-hijacking routine, these extensions were also found to establish persistent infections on the affected computers. On corporate systems, an infected employee browser can be used for sabotage or industrial espionage. Google automatically alerts the extension developers and in some cases even uses the reported incidents as training material that is fed into its automated security alerting system.
The approach taken by most of these browser extensions is to market themselves as legitimate tools that provide useful functionality: many of them are file converters, tools that report on data input, calculators or search helpers. The available information shows that these extensions had been downloaded a total of 32 million times.
Security reports indicate that the browser extensions taken down may be part of a worldwide spying campaign, suggesting that they were planned by one or more hacking groups. Analysis of the extensions' identifying characteristics has shown that they connected to domains handled by an Internet domain registrar called CommuniGal Communication Ltd. (GalComm). The company denied any knowledge of the infections and states that it is unaware of the malicious activity. Apparently, hacking groups tend to use domain names registered with the company to host command-and-control servers and other infrastructure used by the extensions. Depending on their exact configuration, the malicious extensions can exhibit different behaviors and actions:
- Screenshot Acquiring
- Clipboard Information Harvesting
- Credentials Theft
- Keylogger Activation
- Installation of Viruses
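Each of the capabilities listed above has to be granted to an extension through its manifest (permissions, host patterns or content scripts), so a defender can triage installed extensions without running them. The following audit script is an added example, not Google's tooling or anything from the report; it walks a Chrome profile's `Extensions/<id>/<version>/manifest.json` tree and flags permissions that could support screen capture, clipboard harvesting, credential theft, keylogging or follow-on installs. The mapping from permission to capability is this example's own heuristic, and the two sample manifests are constructed, not real extensions.

```python
"""Audit Chrome extension manifests for permissions that enable the
behaviours a malicious extension needs. Added defensive example; the
permission-to-behaviour mapping below is an assumption (reviewer heuristic),
not a Google-defined risk taxonomy."""
import json
import sys
from pathlib import Path

# Real Chrome permission names, paired with the capability they could give a
# malicious extension (ASSUMPTION: the pairing is this example's heuristic).
RISKY_PERMISSIONS = {
    "desktopCapture": "screenshot acquiring (whole screen)",
    "tabCapture": "screenshot acquiring (tab video/audio)",
    "clipboardRead": "clipboard information harvesting",
    "cookies": "credential theft (session cookies)",
    "webRequest": "credential theft (observes HTTP traffic)",
    "nativeMessaging": "installation of further malware (talks to a native host)",
    "downloads": "installation of further malware (writes files)",
    "management": "persistence (can disable other extensions)",
}

# Host patterns that grant access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest: dict) -> list[str]:
    """Return human-readable findings for one manifest (empty = nothing risky)."""
    findings = []
    # MV2 lists host patterns inside "permissions"; MV3 uses "host_permissions".
    perms = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    hosts = set(manifest.get("host_permissions", [])) | {p for p in perms if "://" in p or p == "<all_urls>"}
    for perm in sorted(perms):
        if perm in RISKY_PERMISSIONS:
            findings.append(f"permission {perm}: {RISKY_PERMISSIONS[perm]}")
    if hosts & BROAD_HOSTS:
        findings.append("broad host access: can read and modify every page (credential theft)")
    for script in manifest.get("content_scripts", []):
        if set(script.get("matches", [])) & BROAD_HOSTS:
            findings.append("content script on all sites: keylogging of page input possible")
            break
    return findings


def audit_profile(extensions_dir: Path) -> dict[str, list[str]]:
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and collect findings by extension id."""
    results: dict[str, list[str]] = {}
    for manifest_path in sorted(extensions_dir.glob("*/*/manifest.json")):
        ext_id = manifest_path.parent.parent.name
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            continue  # unreadable manifest: skip rather than crash the sweep
        findings = audit_manifest(manifest)
        if findings:
            results[ext_id] = findings
    return results


# Constructed sample manifests (not real extensions): a benign converter and a
# "converter" that asks for everything the listed behaviours would need.
SAMPLE_CONVERTER = {"manifest_version": 3, "name": "Unit Converter (constructed)", "permissions": ["storage"]}
SAMPLE_SUSPECT = {
    "manifest_version": 3,
    "name": "File Converter Pro (constructed)",
    "permissions": ["clipboardRead", "cookies", "desktopCapture", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"], "all_frames": True}],
}


def write_sample_profile(root: Path) -> Path:
    """Create a fake Extensions/ tree with the two constructed manifests; returns the Extensions dir."""
    ext_dir = root / "Extensions"
    for ext_id, manifest in (("benignconverter0000000000000000a", SAMPLE_CONVERTER),
                             ("suspectconverter000000000000000b", SAMPLE_SUSPECT)):
        version_dir = ext_dir / ext_id / "1.0_0"
        version_dir.mkdir(parents=True, exist_ok=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return ext_dir


if __name__ == "__main__":
    # Usage: python audit.py [path to a Chrome profile's Extensions directory]
    # e.g. ~/.config/google-chrome/Default/Extensions on Linux.
    if len(sys.argv) > 1:
        target = Path(sys.argv[1])
    else:
        import tempfile
        target = write_sample_profile(Path(tempfile.mkdtemp()))
    for ext_id, findings in audit_profile(target).items():
        print(ext_id)
        for line in findings:
            print("  -", line)
```

Findings are only a triage signal: a screen-recording tool legitimately needs `desktopCapture`, so the point is to make a flagged "file converter" stand out for a human review, not to block automatically.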
The available information shows that more than 100 networks were abused, resulting in effective intrusions across industries such as oil and gas companies, banks, healthcare providers, pharmaceutical corporations and government agencies. These attacks once again show how "simple" infections like malicious browser extensions can cause considerable damage to a company.