The Chrome Web Store removed 106 Chrome extensions after they were found collecting sensitive user data.
The malicious activity was discovered by a cybersecurity firm named Awake Security.
The report published by Awake Security initially identified 111 Chrome extensions as malicious; it was later found that only 106 of them were real threats.
These extensions posed as helper tools for Chrome, such as file converters, security scanners, screenshot tools, and many more.
The cybersecurity firm said that the extensions contained code to bypass Google’s Chrome Web Store security scans and were able to take screenshots, read the clipboard, harvest authentication cookies, and potentially collect users’ passwords.
Awake Security believes all these extensions were created by the same threat actor.
The extensions were traced back to their origin, and all of their domains were found to have been bought from the same registrar in Israel.
The extensions went as far as having nearly identical graphics, codebases, and version numbers, and sharing the same descriptions on the Chrome Web Store.
As for the analysis, Google has yet to determine the real culprit. False contact information was given to Google when these actors submitted their extensions.
These extensions have sneaked into the private networks of giant corporations in financial services, oil and gas, media and entertainment, healthcare and pharmaceuticals, retail, high-tech industries, higher education, and government organizations. However, no espionage cases were reported from this finding.
By May 2020, it was found that all 111 extensions had garnered over 32,962,951 downloads.
Google has taken steps to deactivate all of the malicious extensions in users’ browsers. The extensions may remain installed, but they are disabled and marked as “malware” in the Chrome browser’s extension section.
MyCrypto's director of security, Harry Denley, provided ZDNet with the status of each extension. The list can be found here.
Out of all 111 extensions listed, only five are still up and running on the Chrome Web Store.
As cybersecurity experts, Condition Zebra aims to cultivate good cybersecurity practices among web users. We have encountered cases of malicious attempts and worked on several projects related to cybersecurity protection and detection.