Millions of Chrome browser users ‘hit by spyware breach in Google’s Web Store’

Security researchers who found malicious add-ons siphoning off browsing data and logins believe it was the worst such attack to date
Google previously said it would improve security of Chrome by increasing human review of browser extensions

Millions of Chrome browser users were exposed to a record spyware breach linked to add-ons downloaded from Google’s official Web Store, security researchers have found.

The discovery is believed to be one of the biggest such attacks and resulted in Google removing more than 70 malicious extensions for its market-leading software.

Most of the free browser extensions - downloaded about 32 million times - claimed to warn users about unsafe websites or convert files from one format to another.

However, they were found by California-based Awake Security to instead be hoovering up users’ browsing history and website logins.


Researchers found that when a user browsed the web with one of the add-ons installed on a personal computer, the browser connected to a series of third-party websites that harvested their information. Some of the offending add-ons discovered by Awake included TheSecureWeb, Search Manager, MyDocstoPDF and EasyConvert.

However, when the same add-ons ran on systems connected to corporate networks, they were found not to transmit sensitive data or connect to the harvesting sites, which would have kept them out of sight of corporate security monitoring.

Based on the number of downloads, it appears to be the most far-reaching malicious Chrome store campaign targeting personal data, Awake co-founder Gary Golomb told Reuters.

But it is unclear who was behind the effort to distribute the spyware as Awake found the developers supplied fake contact information when they submitted the extensions to Google.


Mr Golomb said: “This shows how attackers can use extremely simple methods to hide, in this case, thousands of malicious domains.”

He added that the extensions were designed to avoid detection by antivirus products and by security software meant to evaluate the reputation of web domains.

Awake found more than 15,000 redirect domains siphoning people's data, reportedly purchased from a web registrar in Israel, which denied any involvement or complicity in their improper use.


Former National Security Agency engineer Ben Johnson said: “Anything that gets you into somebody’s browser or email or other sensitive areas would be a target for national espionage as well as organised crime.”

Google had previously said it would improve the security of Chrome, which has about two billion active installs, by increasing human review of browser extensions.

However, the latest revelations come after similar spyware was discovered in April affecting about 1.7 million users, followed by a Google investigation uncovering 500 fraudulent extensions.

Google spokesman Scott Westover said: “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses."

He added: “We do regular sweeps to find extensions using similar techniques, code and behaviours.”
