Over 100 Google Chrome extensions, downloaded almost 33 million times, were stealing sensitive data from their users, according to cyber security researchers from Awake Security.

The 111 browser extensions, which Google has since removed from the Chrome Web Store, stole corporate data and other sensitive information. They took screenshots, logged keystrokes, stole information from the clipboard (that had been cut or copied by users) and stole credentials.

Sign on the Google building in downtown Detroit
Google operates the Chrome browser, which runs the Chrome Web Store. Image: Shutterstock.

“The research shows that this criminal activity is being abetted by a single Internet Domain Registrar: CommuniGal Communication Ltd. (GalComm),” wrote Awake in a blog post.

Malicious browser extensions have been downloaded 32,962,951 times, “and this only accounts for the extensions that were live in the Chrome Web Store as of May 2020,” the report noted. 

The browser extensions did simple things, like convert files to and from PDFs; to switch between Bing, Google and Yahoo when opening a new tab; or to access emails by clicking the extension. 

After analyzing over 100 corporate networks across a plethora of industry, the researchers discovered that the criminals have “established a persistent foothold in almost every network.”

Malicious Chrome apps are nothing new, and many have been used to steal cryptocurrency data. 

New Google Chrome extension gives access to ‘uncensorable’ websites

The host of the “Protocol Podcast,” Eric Savics, earlier this month lost his life savings of 12 Bitcoin, worth $113,000 at the time, when he downloaded a malicious version of the Keep Key Bitcoin client on his desktop from the Google Chrome store. When Savics entered his recovery phrase, the extension nabbed it and drained his wallet. 

Is it time to start putting a warning on all Chrome extension apps?

Source: decrypt