Recently Google removed over 70 malicious chrome extension, some of the extensions have millions of Users. These malicious extensions freely available on Google Chrome due to which it would affect over 32 Million Users.
According to the latest report by Reuters, Google removed over 70 malicious chrome extensions from the web store that violated the policies of Google. Scott Westover (spokesman of Google) said “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses”.
Most of the free extension used to warn users about questionable websites or convert files from one format to another. Instead, they siphoned off browsing history and data that provided credentials for access to internal business tools. These 70 malicious extensions were designed to bypass the security detection of Antivirus companies and security software.
When users used the browser to surf on a home computer, Researchers found that It would connect to a series of websites and transmit information of users. This shows how attackers can use an extremely simple and easy way to hide. “Anything that gets you into somebody’s browser or email or other sensitive areas would be a target for national espionage as well as organized crime,” said former National Security Agency engineer Ben Johnson.
According to Awake co-founder and chief scientist Gary Golomb, Million of users uses these extensions and it was the most far-reaching malicious Chrome store campaign till date. Google refused to discuss the damage caused by these 70 malicious extensions and why it didn’t recognize these malicious extensions on its own. As per Awake, Developers of these extensions provided fake contact information at the time of registration to the web store. It is unclear who was behind the effort to distribute the malware.