Thursday, March 4, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Over 100 New Chrome Browser Extensions Caught Spying On Users

June 22, 2020
in Internet Privacy
Over 100 New Chrome Browser Extensions Caught Spying On Users
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Google recently removed 106 more extensions from its Chrome Web Store after they were found illegally collecting sensitive user data as part of a “massive global surveillance campaign” targeting oil and gas, finance, and healthcare sectors.

Awake Security, which disclosed the findings late last week, said the malicious browser add-ons were tied back to a single internet domain registrar, GalComm.

You might also like

A $50,000 Bug Could’ve Allowed Hackers Access Any Microsoft Account

Replacing EDR/NGAV with Autonomous XDR Makes a Big Difference for Small Security Teams

Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection

However, it’s not immediately clear who is behind the spyware effort.

“This campaign and the Chrome extensions involved performed operations such as taking screenshots of the victim device, loading malware, reading the clipboard, and actively harvesting tokens and user input,” Awake Security said.

The extensions in question posed as utilities offering capabilities to convert files from one format to the other, among other tools for secure browsing, while relying on thousands of fake reviews to trick unsuspecting users into installing them.

Furthermore, the actors behind the operation leveraged evasion techniques to avoid flagging the domains as malicious by anti-malware solutions, thereby allowing the surveillance campaign to go undetected.

In total, the extensions were downloaded nearly 33 million times over the course of three months before Awake Security reached out to Google in May.

The search giant, in response to the disclosures, has deactivated the problematic browser extensions. The full list of offending extension IDs can be accessed here.

Telemetry data has revealed that some of these extensions were active on the networks of “financial services, oil and gas, media and entertainment, healthcare and pharmaceuticals, retail, high-tech, higher education, and government organizations,” although there’s no evidence that they were actually used to collect sensitive data.

“Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” the Israel-based registrar’s owner Moshe Fogel told Reuters, which broke the development.

Deceptive extensions on the Chrome Web Store have continued to be a problem, what with bad actors exploiting it for malvertising and other data-stealing campaigns.

Earlier this February, Google removed 500 malware-ridden extensions after they were caught serving adware and sending users’ browsing activity to attacker-controlled servers. Then in April, the company yanked another set of 49 extensions that masqueraded as cryptocurrency wallets to steal Keystore information.

It’s recommended that users review extension permissions by visiting “chrome://extensions” on the Chrome browser, consider uninstalling those that are rarely used, or switch to other software alternatives that don’t require invasive access to browser activity.


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)

Previous Post

A Brief Summary of the Science of Data Analytics

Next Post

Microsoft buys IoT security firm CyberX

Related Posts

A $50,000 Bug Could’ve Allowed Hackers Access Any Microsoft Account
Internet Privacy

A $50,000 Bug Could’ve Allowed Hackers Access Any Microsoft Account

March 4, 2021
Replacing EDR/NGAV with Autonomous XDR Makes a Big Difference for Small Security Teams
Internet Privacy

Replacing EDR/NGAV with Autonomous XDR Makes a Big Difference for Small Security Teams

March 4, 2021
Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection
Internet Privacy

Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection

March 4, 2021
New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!
Internet Privacy

New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!

March 3, 2021
URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange
Internet Privacy

URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange

March 3, 2021
Next Post
Microsoft buys IoT security firm CyberX

Microsoft buys IoT security firm CyberX

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

High severity Linux network security holes found, fixed
Internet Security

High severity Linux network security holes found, fixed

March 4, 2021
A $50,000 Bug Could’ve Allowed Hackers Access Any Microsoft Account
Internet Privacy

A $50,000 Bug Could’ve Allowed Hackers Access Any Microsoft Account

March 4, 2021
Deno 1.8 preps for GPU-accelerated machine learning
Machine Learning

Deno 1.8 preps for GPU-accelerated machine learning

March 4, 2021
3 Types of Image Segmentation. If you are getting started with Machine… | by Doga Ozgon | Feb, 2021
Neural Networks

3 Types of Image Segmentation. If you are getting started with Machine… | by Doga Ozgon | Feb, 2021

March 4, 2021
How to Get More Marketing-Qualified Leads
Marketing Technology

How to Get More Marketing-Qualified Leads

March 4, 2021
Six courses to build your technology skills in 2021 – IBM Developer
Technology Companies

Why developers should centralize their security – IBM Developer

March 4, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • High severity Linux network security holes found, fixed March 4, 2021
  • A $50,000 Bug Could’ve Allowed Hackers Access Any Microsoft Account March 4, 2021
  • Deno 1.8 preps for GPU-accelerated machine learning March 4, 2021
  • 3 Types of Image Segmentation. If you are getting started with Machine… | by Doga Ozgon | Feb, 2021 March 4, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates